<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.3.8) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-lake-edhoc-impl-cons-07" category="info" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.33.0 -->
  <front>
    <title abbrev="Implementation Considerations for EDHOC">Implementation Considerations for Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-lake-edhoc-impl-cons-07"/>
    <author initials="M." surname="Tiloca" fullname="Marco Tiloca">
      <organization>RISE AB</organization>
      <address>
        <postal>
          <street>Isafjordsgatan 22</street>
          <city>Kista</city>
          <code>16440 Stockholm</code>
          <country>Sweden</country>
        </postal>
        <email>marco.tiloca@ri.se</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Security</area>
    <workgroup>LAKE Working Group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 61?>

<t>This document provides considerations for guiding the implementation of the authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC).</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Lightweight Authenticated Key Exchange Working Group mailing list (lake@ietf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/lake/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://github.com/lake-wg/edhoc-impl-cons"/>.</t>
    </note>
  </front>
  <middle>
    <?line 65?>

<section anchor="intro">
      <name>Introduction</name>
      <t>Ephemeral Diffie-Hellman Over COSE (EDHOC) <xref target="RFC9528"/> is a lightweight authenticated key exchange protocol, especially intended for use in constrained scenarios.</t>
      <t>During the development of EDHOC, a number of side topics were raised and discussed, as emerging from reviews of the protocol latest design and from implementation activities. These topics were identified as strongly pertaining to the implementation of EDHOC rather than to the protocol in itself. Hence, they are not discussed in <xref target="RFC9528"/>, which rightly focuses on specifying the actual protocol.</t>
      <t>At the same time, implementers of an application using the EDHOC protocol or of an "EDHOC library" enabling its use cannot simply ignore such topics and will have to take them into account throughout their implementation work.</t>
      <t>In order to prevent multiple, independent re-discoveries and assessments of those topics, as well as to facilitate and guide implementation activities, this document collects such topics and discusses them through considerations about the implementation of EDHOC. At a high-level, the topics in question are summarized below:</t>
      <ul spacing="normal">
        <li>
          <t>Handling of completed EDHOC sessions when they become invalid and of application keys derived from an EDHOC session when those become invalid. This topic is discussed in <xref target="sec-session-handling"/>.</t>
        </li>
        <li>
          <t>Retention of completed EDHOC sessions that are still valid, also in the case that an EDHOC error message is received after their completion. This topic is discussed in <xref target="sec-session-retention"/>.</t>
        </li>
        <li>
          <t>Enforcement of different trust policies, with respect to learning new authentication credentials during an execution of EDHOC. This topic is discussed in <xref target="sec-trust-models"/>.</t>
        </li>
        <li>
          <t>Branched-off side processing of incoming EDHOC messages, with particular reference to: i) fetching and validation of authentication credentials; and ii) processing of External Authorization Data (EAD) items, which in turn might play a role in the fetching and validation of authentication credentials. This topic is discussed in <xref target="sec-message-side-processing"/>.</t>
        </li>
        <li>
          <t>Effectively using EDHOC over the Constrained Application Protocol (CoAP) <xref target="RFC7252"/> in combination with Block-wise transfers for CoAP <xref target="RFC7959"/>, possibly together with the optimized EDHOC execution workflow defined in <xref target="RFC9668"/>. This topic is discussed in <xref target="sec-block-wise"/>.</t>
        </li>
      </ul>
      <t>The scope of the present implementation considerations only includes the use of EDHOC with the authentication methods specified in <xref section="3.2" sectionFormat="of" target="RFC9528"/> and based on public key authentication. A future document can extend the present document and include implementation considerations that consider the use of EDHOC with other authentication methods, such as the one defined in <xref target="I-D.ietf-lake-edhoc-psk"/> and based on symmetric pre-shared keys.</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The reader is expected to be familiar with terms and concepts related to the EDHOC protocol <xref target="RFC9528"/>, (CoAP) <xref target="RFC7252"/>, and Block-wise transfers for CoAP <xref target="RFC7959"/>.</t>
      </section>
    </section>
    <section anchor="sec-session-handling">
      <name>Handling of Invalid EDHOC Sessions and Application Keys</name>
      <t>This section considers the most common situation where, given a certain peer, only the application at that peer has visibility and control of both:</t>
      <ul spacing="normal">
        <li>
          <t>The EDHOC sessions at that peer; and</t>
        </li>
        <li>
          <t>The application keys for that application at that peer, including the knowledge of whether they have been derived from an EDHOC session, i.e., by means of the EDHOC_Exporter interface after the successful completion of an execution of EDHOC (see <xref section="4.2" sectionFormat="of" target="RFC9528"/>).</t>
        </li>
      </ul>
      <t>Building on the above, the following expands on three relevant cases concerning the handling of EDHOC sessions and application keys, in the event that any of those becomes invalid.</t>
      <t>To provide more concrete guidance, the following considers the case where "application keys" stands for the keying material and parameters that compose a Security Context for the security protocol Object Security for Constrained RESTful Environments (OSCORE) <xref target="RFC8613"/>, i.e., when specifically those application keys are derived from an EDHOC session (see <xref section="A.1" sectionFormat="of" target="RFC9528"/>).</t>
      <t>Nevertheless, the same considerations are applicable if EDHOC is used to derive other application keys, e.g., when used to key different security protocols than OSCORE or to provide the application with secure values that are bound to an EDHOC session.</t>
      <section anchor="sec-session-invalid">
        <name>EDHOC Sessions Become Invalid</name>
        <t>The application at a peer P may have learned that a completed EDHOC session S has to be invalidated. When S is marked as invalid, the application at P purges S and deletes each set of application keys (e.g., the OSCORE Security Context) that was generated from S.</t>
        <t>Then, the application runs a new execution of the EDHOC protocol with the other peer. Upon successfully completing the EDHOC execution, the two peers derive and install a new set of application keys from this latest EDHOC session.</t>
        <t>The flowchart in <xref target="fig-flowchart-session-invalid"/> shows the handling of an EDHOC session that has become invalid.</t>
        <figure anchor="fig-flowchart-session-invalid">
          <name>Handling of an EDHOC Session that Has Become Invalid.</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="80" width="568" viewBox="0 0 568 80" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 72,48 L 96,48" fill="none" stroke="black"/>
                <path d="M 312,48 L 336,48" fill="none" stroke="black"/>
                <path d="M 400,48 L 424,48" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="432,48 420,42.4 420,53.6" fill="black" transform="rotate(0,424,48)"/>
                <polygon class="arrowhead" points="344,48 332,42.4 332,53.6" fill="black" transform="rotate(0,336,48)"/>
                <polygon class="arrowhead" points="104,48 92,42.4 92,53.6" fill="black" transform="rotate(0,96,48)"/>
                <g class="text">
                  <text x="32" y="36">Invalid</text>
                  <text x="132" y="36">Delete</text>
                  <text x="176" y="36">the</text>
                  <text x="216" y="36">EDHOC</text>
                  <text x="272" y="36">session</text>
                  <text x="368" y="36">Rerun</text>
                  <text x="460" y="36">Derive</text>
                  <text x="504" y="36">and</text>
                  <text x="24" y="52">EDHOC</text>
                  <text x="120" y="52">and</text>
                  <text x="152" y="52">the</text>
                  <text x="216" y="52">application</text>
                  <text x="284" y="52">keys</text>
                  <text x="368" y="52">EDHOC</text>
                  <text x="464" y="52">install</text>
                  <text x="512" y="52">new</text>
                  <text x="32" y="68">session</text>
                  <text x="136" y="68">derived</text>
                  <text x="188" y="68">from</text>
                  <text x="220" y="68">it</text>
                  <text x="480" y="68">application</text>
                  <text x="548" y="68">keys</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
Invalid      Delete the EDHOC session      Rerun      Derive and
EDHOC   ---> and the application keys ---> EDHOC ---> install new
session      derived from it                          application keys
]]></artwork>
          </artset>
        </figure>
        <t>An EDHOC session may have become invalid, for example, because an authentication credential CRED_X has expired, or because the peer P has learned from a trusted source that CRED_X has been revoked. This effectively invalidates CRED_X, and therefore also invalidates any EDHOC session where CRED_X was used as authentication credential associated with either peer in the session (i.e., P itself or the other peer). In such a case, the application at P has to additionally delete CRED_X and any stored, corresponding credential identifier.</t>
      </section>
      <section anchor="sec-keys-invalid">
        <name>Application Keys Become Invalid</name>
        <t>The application at a peer P may have learned that a set of application keys is not safe to use anymore. When such a set is specifically an OSCORE Security Context, the application may have learned that from the OSCORE library used or from an OSCORE layer that takes part in the communication stack.</t>
        <t>A current set SET of application keys shared with another peer can become unsafe to use, for example, due to the following reasons:</t>
        <ul spacing="normal">
          <li>
            <t>SET has reached a pre-determined expiration time;</t>
          </li>
          <li>
            <t>SET has been established to use for an amount of time that is now elapsed, according to enforced application policies; or</t>
          </li>
          <li>
            <t>Some elements of SET have been used enough times to approach cryptographic limits that should not be passed, e.g., according to the properties of the security algorithms specifically used. With particular reference to an OSCORE Security Context, such limits are discussed in <xref target="I-D.ietf-core-oscore-key-limits"/>.</t>
          </li>
        </ul>
        <t>When this happens, the application at the peer P proceeds as follows:</t>
        <ol spacing="normal" type="1"><li>
            <t>If the following conditions both hold, then the application moves to Step 2. Otherwise, it moves to Step 3.  </t>
            <ul spacing="normal">
              <li>
                <t>Let us define S as the EDHOC session from which the peer P has derived SET or the eldest SET's ancestor set of application keys. Then, since the completion of S with the other peer, the application at P has received from the other peer and successfully verified at least one message protected with any set of application keys derived from S. That is, P has persisted S (see <xref section="5.4.2" sectionFormat="of" target="RFC9528"/>).</t>
              </li>
              <li>
                <t>The peer P supports a key update protocol, as an alternative to performing a new execution of EDHOC with the other peer. When SET is an OSCORE Security Context, the key update protocol supported by the peer P can be KUDOS <xref target="I-D.ietf-core-oscore-key-update"/>.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>The application at P runs the key update protocol mentioned at Step 1 with the other peer, in order to update SET. When SET is an OSCORE Security Context, the application at P can run the key update protocol KUDOS with the other peer.  </t>
            <t>
If the key update protocol terminates successfully, the updated application keys are installed and no further actions are taken. Otherwise, the application at P moves to Step 3.</t>
          </li>
          <li>
            <t>The application at the peer P performs the following actions:  </t>
            <ul spacing="normal">
              <li>
                <t>It deletes SET.</t>
              </li>
              <li>
                <t>It deletes the EDHOC session from which SET was generated, or from which the eldest SET's ancestor set of application keys was generated before any key update occurred (e.g., by means of the EDHOC_KeyUpdate interface defined in <xref section="H" sectionFormat="of" target="RFC9528"/> or other key update methods).</t>
              </li>
              <li>
                <t>It runs a new execution of the EDHOC protocol with the other peer. Upon successfully completing the EDHOC execution, the two peers derive and install a new set of application keys from this latest EDHOC session.</t>
              </li>
            </ul>
          </li>
        </ol>
        <t>The flowchart in <xref target="fig-flowchart-keys-invalid"/> shows the handling of a set of application keys that has become invalid. In particular, it assumes such a set to be an OSCORE Security Context and the key update protocol to be KUDOS.</t>
        <figure anchor="fig-flowchart-keys-invalid">
          <name>Handling of a Set of Application Keys that Has Become Invalid.</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="608" width="568" viewBox="0 0 568 608" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,64 L 24,96" fill="none" stroke="black"/>
                <path d="M 24,192 L 24,224" fill="none" stroke="black"/>
                <path d="M 24,304 L 24,336" fill="none" stroke="black"/>
                <path d="M 24,400 L 24,432" fill="none" stroke="black"/>
                <path d="M 24,512 L 24,544" fill="none" stroke="black"/>
                <path d="M 240,176 L 240,272" fill="none" stroke="black"/>
                <path d="M 312,176 L 312,480" fill="none" stroke="black"/>
                <path d="M 472,176 L 472,208" fill="none" stroke="black"/>
                <path d="M 144,128 L 176,128" fill="none" stroke="black"/>
                <path d="M 408,128 L 440,128" fill="none" stroke="black"/>
                <path d="M 96,272 L 240,272" fill="none" stroke="black"/>
                <path d="M 96,480 L 312,480" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="480,208 468,202.4 468,213.6" fill="black" transform="rotate(90,472,208)"/>
                <polygon class="arrowhead" points="448,128 436,122.4 436,133.6" fill="black" transform="rotate(0,440,128)"/>
                <polygon class="arrowhead" points="320,176 308,170.4 308,181.6" fill="black" transform="rotate(270,312,176)"/>
                <polygon class="arrowhead" points="248,176 236,170.4 236,181.6" fill="black" transform="rotate(270,240,176)"/>
                <polygon class="arrowhead" points="184,128 172,122.4 172,133.6" fill="black" transform="rotate(0,176,128)"/>
                <polygon class="arrowhead" points="32,544 20,538.4 20,549.6" fill="black" transform="rotate(90,24,544)"/>
                <polygon class="arrowhead" points="32,432 20,426.4 20,437.6" fill="black" transform="rotate(90,24,432)"/>
                <polygon class="arrowhead" points="32,336 20,330.4 20,341.6" fill="black" transform="rotate(90,24,336)"/>
                <polygon class="arrowhead" points="32,224 20,218.4 20,229.6" fill="black" transform="rotate(90,24,224)"/>
                <polygon class="arrowhead" points="32,96 20,90.4 20,101.6" fill="black" transform="rotate(90,24,96)"/>
                <g class="text">
                  <text x="32" y="36">Invalid</text>
                  <text x="112" y="36">application</text>
                  <text x="180" y="36">keys</text>
                  <text x="156" y="116">NO</text>
                  <text x="16" y="132">Are</text>
                  <text x="48" y="132">the</text>
                  <text x="212" y="132">Delete</text>
                  <text x="256" y="132">the</text>
                  <text x="320" y="132">application</text>
                  <text x="472" y="132">Rerun</text>
                  <text x="48" y="148">application</text>
                  <text x="116" y="148">keys</text>
                  <text x="204" y="148">keys</text>
                  <text x="240" y="148">and</text>
                  <text x="272" y="148">the</text>
                  <text x="312" y="148">EDHOC</text>
                  <text x="368" y="148">session</text>
                  <text x="472" y="148">EDHOC</text>
                  <text x="44" y="164">persisted?</text>
                  <text x="48" y="212">YES</text>
                  <text x="428" y="244">Derive</text>
                  <text x="472" y="244">and</text>
                  <text x="520" y="244">install</text>
                  <text x="12" y="260">Is</text>
                  <text x="48" y="260">KUDOS</text>
                  <text x="108" y="260">NO</text>
                  <text x="416" y="260">new</text>
                  <text x="480" y="260">application</text>
                  <text x="548" y="260">keys</text>
                  <text x="44" y="276">supported?</text>
                  <text x="48" y="324">YES</text>
                  <text x="16" y="372">Run</text>
                  <text x="56" y="372">KUDOS</text>
                  <text x="16" y="468">Has</text>
                  <text x="56" y="468">KUDOS</text>
                  <text x="108" y="468">NO</text>
                  <text x="44" y="484">succeeded?</text>
                  <text x="48" y="532">YES</text>
                  <text x="32" y="580">Install</text>
                  <text x="80" y="580">the</text>
                  <text x="128" y="580">updated</text>
                  <text x="48" y="596">application</text>
                  <text x="116" y="596">keys</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
Invalid application keys

  |
  |
  v
                  NO
Are the          ----> Delete the application     ----> Rerun
application keys       keys and the EDHOC session       EDHOC
persisted?
                             ^        ^                   |
  |                          |        |                   |
  | YES                      |        |                   v
  v                          |        |
                             |        |           Derive and install
Is KUDOS    NO               |        |           new application keys
supported? ------------------+        |
                                      |
  |                                   |
  | YES                               |
  v                                   |
                                      |
Run KUDOS                             |
                                      |
  |                                   |
  |                                   |
  v                                   |
                                      |
Has KUDOS   NO                        |
succeeded? ---------------------------+

  |
  | YES
  v

Install the updated
application keys
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="sec-keys-token-invalid">
        <name>Application Keys or Bound Access Rights Become Invalid</name>
        <t>The following considers two peers that use the ACE framework for authentication and authorization in constrained environments <xref target="RFC9200"/> and specifically the EDHOC and OSCORE profile of ACE defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>.</t>
        <t>When doing so, one of the two peers acts as ACE resource server (RS) hosting protected resources. The other peer acts as ACE client and requests an access token from an ACE authorization server (AS) that is in a trust relationship with the RS. The access token specifies access rights for accessing protected resources at the RS as well as the public authentication credential of the client, namely AUTH_CRED_C.</t>
        <t>After that, C uploads the access token to the RS, by means of an EAD item included in an EDHOC message during the EDHOC execution (see below). Alternatively, the AS can upload the access token to the RS on behalf of the client, as per the alternative Short Distribution Chain (SDC) workflow defined in <xref target="I-D.ietf-ace-workflow-and-params"/>.</t>
        <t>Consistent with the EDHOC and OSCORE profile of ACE, the two peers run EDHOC in order to specifically derive an OSCORE Security Context as their shared set of application keys (see <xref section="A.1" sectionFormat="of" target="RFC9528"/>). At the RS, the access token is bound to the successfully completed EDHOC session and to the established OSCORE Security Context.</t>
        <t>After that, the peer acting as ACE client can access the protected resources hosted at the other peer acting as RS, according to the access rights specified in the access token. The communications between the two peers are protected by means of the established OSCORE Security Context.</t>
        <t>Later on, the application at one of the two peers P may have learned that the established OSCORE Security Context CTX is not safe to use anymore, e.g., from the OSCORE library used or from an OSCORE layer that takes part in the communication stack. The reasons that make CTX not safe to use anymore are the same ones discussed in <xref target="sec-keys-invalid"/> when considering a set of application keys in general, plus the event that the access token bound to CTX becomes invalid (e.g., it has expired or it has been revoked).</t>
        <t>When this happens, the application at the peer P proceeds as follows.</t>
        <ol spacing="normal" type="1"><li>
            <t>If the following conditions both hold, then the application moves to Step 2. Otherwise, it moves to Step 3:  </t>
            <ul spacing="normal">
              <li>
                <t>The access token is still believed to be valid. That is, it has not expired yet and the peer P is not aware that it has been revoked.</t>
              </li>
              <li>
                <t>Let us define S as the EDHOC session from which the peer P has derived CTX or the eldest CTX's ancestor OSCORE Security Context. Then, since the completion of S with the other peer, the application at P has received from the other peer and successfully verified at least one message protected with any set of application keys derived from S. That is, P has persisted S (see <xref section="5.4.2" sectionFormat="of" target="RFC9528"/>).</t>
              </li>
            </ul>
          </li>
          <li>
            <t>If the peer P supports the key update protocol KUDOS <xref target="I-D.ietf-core-oscore-key-update"/>, then P runs KUDOS with the other peer, in order to update CTX. If the execution of KUDOS terminates successfully, the updated OSCORE Security Context is installed and no further actions are taken.  </t>
            <t>
If the execution of KUDOS does not terminate successfully or if the peer P does not support KUDOS altogether, then the application at P moves to Step 3.</t>
          </li>
          <li>
            <t>The application at the peer P performs the following actions.  </t>
            <ul spacing="normal">
              <li>
                <t>If the access token is not believed to be valid anymore, the peer P deletes all the EDHOC sessions associated with the access token as well as the OSCORE Security Context derived from each of those sessions.      </t>
                <t>
Note that, when specifically considering the EDHOC and OSCORE profile of ACE, an access token is associated with at most one EDHOC session (see <xref section="4.2" sectionFormat="of" target="I-D.ietf-ace-edhoc-oscore-profile"/>).      </t>
                <t>
If the peer P acted as ACE client, then P obtains from the ACE AS a new access token, which is uploaded to the other peer acting as ACE RS.      </t>
                <t>
Finally, the application at P moves to Step 4.</t>
              </li>
              <li>
                <t>If the access token is valid while the OSCORE Security Context CTX is not, then the peer P deletes CTX.      </t>
                <t>
After that, the peer P deletes the EDHOC session from which CTX was generated, or from which the eldest CTX's ancestor OSCORE Security Context was generated before any key update occurred (e.g., by means of KUDOS or other key update methods).      </t>
                <t>
Finally, the application at P moves to Step 4.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>The peer P runs a new execution of the EDHOC protocol with the other peer. Upon successfully completing the EDHOC execution, the two peers derive and install a new OSCORE Security Context from this latest EDHOC session.  </t>
            <t>
At the RS, the access token is bound to this latest EDHOC session and the newly established OSCORE Security Context.</t>
          </li>
        </ol>
        <t>The flowchart in <xref target="fig-flowchart-keys-token-invalid"/> shows the handling of an access token or of a set of application keys that have become invalid, when using the EDHOC and OSCORE profile of the ACE framework.</t>
        <figure anchor="fig-flowchart-keys-token-invalid">
          <name>Handling of an Access Token or of a Set of Application Keys that Have Become Invalid.</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="912" width="576" viewBox="0 0 576 912" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 24,96 L 24,128" fill="none" stroke="black"/>
                <path d="M 24,224 L 24,288" fill="none" stroke="black"/>
                <path d="M 24,368 L 24,400" fill="none" stroke="black"/>
                <path d="M 24,496 L 24,528" fill="none" stroke="black"/>
                <path d="M 24,608 L 24,640" fill="none" stroke="black"/>
                <path d="M 24,704 L 24,736" fill="none" stroke="black"/>
                <path d="M 24,816 L 24,848" fill="none" stroke="black"/>
                <path d="M 264,496 L 264,576" fill="none" stroke="black"/>
                <path d="M 336,496 L 336,784" fill="none" stroke="black"/>
                <path d="M 504,208 L 504,448" fill="none" stroke="black"/>
                <path d="M 560,160 L 560,576" fill="none" stroke="black"/>
                <path d="M 112,160 L 144,160" fill="none" stroke="black"/>
                <path d="M 336,160 L 352,160" fill="none" stroke="black"/>
                <path d="M 456,160 L 472,160" fill="none" stroke="black"/>
                <path d="M 536,160 L 560,160" fill="none" stroke="black"/>
                <path d="M 144,448 L 184,448" fill="none" stroke="black"/>
                <path d="M 456,448 L 504,448" fill="none" stroke="black"/>
                <path d="M 96,576 L 264,576" fill="none" stroke="black"/>
                <path d="M 96,784 L 336,784" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="568,576 556,570.4 556,581.6" fill="black" transform="rotate(90,560,576)"/>
                <polygon class="arrowhead" points="512,208 500,202.4 500,213.6" fill="black" transform="rotate(270,504,208)"/>
                <polygon class="arrowhead" points="480,160 468,154.4 468,165.6" fill="black" transform="rotate(0,472,160)"/>
                <polygon class="arrowhead" points="360,160 348,154.4 348,165.6" fill="black" transform="rotate(0,352,160)"/>
                <polygon class="arrowhead" points="344,496 332,490.4 332,501.6" fill="black" transform="rotate(270,336,496)"/>
                <polygon class="arrowhead" points="272,496 260,490.4 260,501.6" fill="black" transform="rotate(270,264,496)"/>
                <polygon class="arrowhead" points="192,448 180,442.4 180,453.6" fill="black" transform="rotate(0,184,448)"/>
                <polygon class="arrowhead" points="152,160 140,154.4 140,165.6" fill="black" transform="rotate(0,144,160)"/>
                <polygon class="arrowhead" points="32,848 20,842.4 20,853.6" fill="black" transform="rotate(90,24,848)"/>
                <polygon class="arrowhead" points="32,736 20,730.4 20,741.6" fill="black" transform="rotate(90,24,736)"/>
                <polygon class="arrowhead" points="32,640 20,634.4 20,645.6" fill="black" transform="rotate(90,24,640)"/>
                <polygon class="arrowhead" points="32,528 20,522.4 20,533.6" fill="black" transform="rotate(90,24,528)"/>
                <polygon class="arrowhead" points="32,400 20,394.4 20,405.6" fill="black" transform="rotate(90,24,400)"/>
                <polygon class="arrowhead" points="32,288 20,282.4 20,293.6" fill="black" transform="rotate(90,24,288)"/>
                <polygon class="arrowhead" points="32,128 20,122.4 20,133.6" fill="black" transform="rotate(90,24,128)"/>
                <g class="text">
                  <text x="32" y="36">Invalid</text>
                  <text x="92" y="36">access</text>
                  <text x="144" y="36">token</text>
                  <text x="44" y="52">specifying</text>
                  <text x="140" y="52">AUTH_CRED_C,</text>
                  <text x="12" y="68">or</text>
                  <text x="56" y="68">invalid</text>
                  <text x="136" y="68">application</text>
                  <text x="204" y="68">keys</text>
                  <text x="124" y="148">NO</text>
                  <text x="12" y="164">Is</text>
                  <text x="40" y="164">the</text>
                  <text x="180" y="164">Delete</text>
                  <text x="224" y="164">the</text>
                  <text x="284" y="164">associated</text>
                  <text x="388" y="164">Obtain</text>
                  <text x="432" y="164">and</text>
                  <text x="504" y="164">Rerun</text>
                  <text x="28" y="180">access</text>
                  <text x="80" y="180">token</text>
                  <text x="176" y="180">EDHOC</text>
                  <text x="236" y="180">sessions</text>
                  <text x="288" y="180">and</text>
                  <text x="388" y="180">upload</text>
                  <text x="424" y="180">a</text>
                  <text x="504" y="180">EDHOC</text>
                  <text x="24" y="196">still</text>
                  <text x="84" y="196">believed</text>
                  <text x="168" y="196">the</text>
                  <text x="232" y="196">application</text>
                  <text x="300" y="196">keys</text>
                  <text x="376" y="196">new</text>
                  <text x="420" y="196">access</text>
                  <text x="12" y="212">to</text>
                  <text x="36" y="212">be</text>
                  <text x="76" y="212">valid?</text>
                  <text x="184" y="212">derived</text>
                  <text x="236" y="212">from</text>
                  <text x="280" y="212">those</text>
                  <text x="384" y="212">token</text>
                  <text x="48" y="276">YES</text>
                  <text x="16" y="324">The</text>
                  <text x="80" y="324">application</text>
                  <text x="148" y="324">keys</text>
                  <text x="16" y="340">are</text>
                  <text x="48" y="340">not</text>
                  <text x="88" y="340">valid</text>
                  <text x="144" y="340">anymore</text>
                  <text x="16" y="436">Are</text>
                  <text x="48" y="436">the</text>
                  <text x="156" y="436">NO</text>
                  <text x="48" y="452">application</text>
                  <text x="116" y="452">keys</text>
                  <text x="220" y="452">Delete</text>
                  <text x="264" y="452">the</text>
                  <text x="328" y="452">application</text>
                  <text x="396" y="452">keys</text>
                  <text x="432" y="452">and</text>
                  <text x="44" y="468">persisted?</text>
                  <text x="208" y="468">the</text>
                  <text x="268" y="468">associated</text>
                  <text x="336" y="468">EDHOC</text>
                  <text x="392" y="468">session</text>
                  <text x="48" y="516">YES</text>
                  <text x="12" y="564">Is</text>
                  <text x="48" y="564">KUDOS</text>
                  <text x="124" y="564">NO</text>
                  <text x="44" y="580">supported?</text>
                  <text x="452" y="612">Derive</text>
                  <text x="496" y="612">and</text>
                  <text x="544" y="612">install</text>
                  <text x="48" y="628">YES</text>
                  <text x="424" y="628">new</text>
                  <text x="488" y="628">application</text>
                  <text x="556" y="628">keys</text>
                  <text x="16" y="676">Run</text>
                  <text x="56" y="676">KUDOS</text>
                  <text x="16" y="772">Has</text>
                  <text x="56" y="772">KUDOS</text>
                  <text x="124" y="772">NO</text>
                  <text x="44" y="788">succeeded?</text>
                  <text x="48" y="836">YES</text>
                  <text x="32" y="884">Install</text>
                  <text x="80" y="884">the</text>
                  <text x="128" y="884">updated</text>
                  <text x="48" y="900">application</text>
                  <text x="116" y="900">keys</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
Invalid access token
specifying AUTH_CRED_C,
or invalid application keys

  |
  |
  v
              NO
Is the       ----> Delete the associated --> Obtain and --> Rerun ---+
access token       EDHOC sessions and        upload a       EDHOC    |
still believed     the application keys      new access              |
to be valid?       derived from those        token            ^      |
  |                                                           |      |
  |                                                           |      |
  |                                                           |      |
  | YES                                                       |      |
  v                                                           |      |
                                                              |      |
The application keys                                          |      |
are not valid anymore                                         |      |
                                                              |      |
  |                                                           |      |
  |                                                           |      |
  v                                                           |      |
                                                              |      |
Are the           NO                                          |      |
application keys -----> Delete the application keys and ------+      |
persisted?              the associated EDHOC session                 |
                                                                     |
  |                             ^        ^                           |
  | YES                         |        |                           |
  v                             |        |                           |
                                |        |                           |
Is KUDOS      NO                |        |                           |
supported? ---------------------+        |                           v
                                         |
  |                                      |           Derive and install
  | YES                                  |         new application keys
  v                                      |
                                         |
Run KUDOS                                |
                                         |
  |                                      |
  |                                      |
  v                                      |
                                         |
Has KUDOS     NO                         |
succeeded? ------------------------------+

  |
  | YES
  v

Install the updated
application keys
]]></artwork>
          </artset>
        </figure>
      </section>
    </section>
    <section anchor="sec-session-retention">
      <name>Retention of Completed EDHOC Sessions</name>
      <t>After successfully completing an EDHOC session S and possibly using the EDHOC_Exporter interface to derive keying material from S, an EDHOC peer is expected to store and retain the latest state of S over time.</t>
      <t>Requirements to fulfill for persistently storing PRK_out or derived application keys are defined in Sections <xref target="RFC9528" section="5.4.2" sectionFormat="bare"/> and <xref target="RFC9528" section="5.4.3" sectionFormat="bare"/> of <xref target="RFC9528"/>.</t>
      <t>Retaining the state of S ensures that it is possible to:</t>
      <ul spacing="normal">
        <li>
          <t>Update S by updating its associated PRK_out in a more efficient way than re-running EDHOC, e.g., by using the EDHOC_KeyUpdate function defined in <xref section="H" sectionFormat="of" target="RFC9528"/>.</t>
        </li>
        <li>
          <t>Use the EDHOC_Exporter interface for late derivations of keying material from S that cannot be performed shortly after the session completion or according to a predictable schedule.</t>
        </li>
      </ul>
      <t>Absent application policies defining more restrictive lifetimes, the peer is expected to retain the latest state of S in its local storage until:</t>
      <ul spacing="normal">
        <li>
          <t>S has to be deleted due to reasons discussed in <xref target="sec-session-handling"/>; or</t>
        </li>
        <li>
          <t>S has to be deleted due to memory limitations, in which case the peer ought to delete the oldest completed EDHOC session first.</t>
        </li>
      </ul>
      <section anchor="handling-of-incoming-edhoc-error-messages">
        <name>Handling of Incoming EDHOC Error Messages</name>
        <t><xref section="5.1" sectionFormat="of" target="RFC9528"/> defines that an EDHOC session is completed after having successfully processed the last message, i.e., message_3 or message_4, depending on the application profile used (see <xref section="3.9" sectionFormat="of" target="RFC9528"/>). It follows that:</t>
        <ul spacing="normal">
          <li>
            <t>The Responder completes a session after successfully processing the incoming EDHOC message_3, if EDHOC message_4 is not used, or after sending EDHOC message_4 otherwise.</t>
          </li>
          <li>
            <t>The Initiator completes a session after successfully processing the incoming EDHOC message_4, if EDHOC message_4 is used, or after sending EDHOC message_3 otherwise.</t>
          </li>
        </ul>
        <t>Furthermore, <xref section="6" sectionFormat="of" target="RFC9528"/> defines EDHOC error messages and the processing associated with the initial set of error codes. According to <xref section="5.1" sectionFormat="of" target="RFC9528"/>, after an EDHOC session is completed, no EDHOC error messages are sent, and the EDHOC session output may be maintained even if EDHOC error messages are received.</t>
        <t>That is, an implementation has a lot of latitude about handling incoming EDHOC error messages that pertain to a completed EDHOC session.</t>
        <t>In general, a safe approach simply consists in aborting the completed EDHOC session, thereby deleting the corresponding output such as derived application keys. If the reception of EDHOC error messages at a given peer is still plausible, this is actually an appropriate course of action for that peer. An example is the case where the Responder sends EDHOC message_4, and it receives an EDHOC error message as a follow-up from the Initiator that rejected EDHOC message_4.</t>
        <t>However, there are indeed cases where it is not plausible anymore to receive EDHOC error messages pertaining to a completed EDHOC session. Such EDHOC error messages can be safely ignored as irrelevant and possibly resulting from an attack, thereby preserving the EDHOC session output such as derived application keys. An example is the case where the Responder successfully processes the incoming EDHOC message_3 and, at the same time, EDHOC message_4 is not used.</t>
        <t>To provide more concrete guidance, the rest of this section considers the case where the following applies:</t>
        <ul spacing="normal">
          <li>
            <t>"application keys" stands for the keying material and parameters that compose an OSCORE Security Context <xref target="RFC8613"/>, i.e., when specifically those application keys are derived from an EDHOC session (see <xref section="A.1" sectionFormat="of" target="RFC9528"/>).</t>
          </li>
          <li>
            <t>EDHOC messages are transferred over CoAP <xref target="RFC7252"/> using the forward message flow (see <xref section="A.2" sectionFormat="of" target="RFC9528"/>), i.e., the EDHOC Responder acts as a CoAP server and the EDHOC Initiator acts as a CoAP client.</t>
          </li>
        </ul>
        <t>Building on the above, the following holds for the EDHOC Responder.</t>
        <ul spacing="normal">
          <li>
            <t>If EDHOC message_4 is not used, the Responder completes the EDHOC session after successfully processing the incoming EDHOC message_3. In this case, no further EDHOC messages are supposed to be exchanged in the session.  </t>
            <t>
Consequently, the Responder can safely set the EDHOC session to ignore any incoming EDHOC error message pertaining to the session from then on, thereby preserving the OSCORE Security Context derived from the session.</t>
          </li>
          <li>
            <t>If EDHOC message_4 is used, the Responder completes the EDHOC session after sending EDHOC message_4.  </t>
            <t>
After that, it remains generally appropriate for the Responder to abort the EDHOC session in the event that the Responder receives an EDHOC error message pertaining to the session. In particular, the EDHOC error message might have been legitimately sent by the Initiator that failed to process EDHOC message_4.  </t>
            <t>
However, the Responder can safely set the EDHOC session to ignore any incoming EDHOC error message pertaining to the session from then on, after successfully processing an incoming OSCORE-protected message received from the Initiator. Similarly to the case previously discussed, this preserves the OSCORE Security Context derived from the session, in the event that the Responder receives EDHOC error messages.</t>
          </li>
        </ul>
        <t>Also building on the above, the following holds for the EDHOC Initiator.</t>
        <ul spacing="normal">
          <li>
            <t>If EDHOC message_4 is used, the Initiator completes a session after successfully processing the incoming EDHOC message_4. In this case, no further EDHOC messages are supposed to be exchanged in the session.  </t>
            <t>
Consequently, the Initiator can safely set the EDHOC session to ignore any incoming EDHOC error message pertaining to the session from then on, thereby preserving the OSCORE Security Context derived from the session.</t>
          </li>
          <li>
            <t>If EDHOC message_4 is not used, the Initiator completes a session after sending EDHOC message_3.  </t>
            <t>
After that, it remains generally appropriate for the Initiator to abort the EDHOC session in the event that the Initiator receives an EDHOC error message pertaining to the session. In particular, the EDHOC error message might have been legitimately sent by the Responder that failed to process EDHOC message_3.  </t>
            <t>
If an active adversary injects an EDHOC error message intended to the Initiator and pertaining to the EDHOC session, the Initiator would effectively receive and process that message only during a specific time interval, i.e., from when the Initiator sends EDHOC message_3 until when the Initiator frees up the CoAP Token value used in the CoAP request message that conveyed EDHOC message_3.  </t>
            <t>
However, the Initiator can safely set the EDHOC session to ignore any incoming EDHOC error message pertaining to the session, after successfully processing an incoming OSCORE-protected message received from the Responder. Similarly to the case previously discussed, this preserves the OSCORE Security Context derived from the session, in the event that the Initiator receives EDHOC error messages.</t>
          </li>
        </ul>
        <t>Following the reception and successful verification for the first time of an OSCORE-protected message using the OSCORE Security Context derived from a completed EDHOC session, a recipient EDHOC peer has different ways for setting the session to ignore pertaining EDHOC error messages from then on.</t>
        <t>Some approaches can be easier and more appealing to use than others, depending on the specific EDHOC implementation and its integration with the communication stack. As an example, two possible approaches are described below:</t>
        <ul spacing="normal">
          <li>
            <t>The OSCORE library used or an OSCORE layer that takes part in the communication stack can be aware that an OSCORE Security Context CTX was derived from an EDHOC session S.  </t>
            <t>
In such a case, after receiving and successfully verifying for the first time an OSCORE-protected message using CTX, the OSCORE library/layer on the recipient EDHOC peer can effectively set the EDHOC session S to ignore any incoming EDHOC error message pertaining to the session from then on.</t>
          </li>
          <li>
            <t>When receiving an EDHOC error message pertaining to a completed EDHOC session, EDHOC can check whether the session is set to ignore pertaining EDHOC error messages. If that is the case, the received EDHOC error message is ignored.  </t>
            <t>
Otherwise, EDHOC checks whether the OSCORE Security Context CTX derived from the EDHOC session has been used at least once for successfully verifying an incoming OSCORE-protected message from the other EDHOC peer (e.g., by checking the Replay Window within the Recipient Context of CTX).  </t>
            <t>
In the case that CTX has not been used yet, the received EDHOC error message is processed as usual, i.e., the EDHOC session is aborted and CTX is deleted. Instead, in the case that CTX has been used at least once for successfully verifying an incoming OSCORE-protected message from the other EDHOC peer, the EDHOC error message is ignored and EDHOC sets the EDHOC session to ignore pertaining EDHOC error messages from then on.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="sec-trust-models">
      <name>Trust Policies for Learning New Authentication Credentials</name>
      <t>A peer P relies on authentication credentials associated with other peers, in order to authenticate those peers when running EDHOC with them.</t>
      <t>There are different ways for P to acquire an authentication credential CRED associated with another peer. For example, CRED can be supplied to P out-of-band by a trusted provider.</t>
      <t>Alternatively, CRED can be specified by the other peer during the EDHOC execution with P. This can rely on EDHOC message_2 or message_3, whose respective ID_CRED_R and ID_CRED_I field can specify CRED by value, or instead a URI or other external reference where CRED can be retrieved from (see <xref section="3.5.3" sectionFormat="of" target="RFC9528"/>).</t>
      <t>Also during the EDHOC execution, an External Authorization Data (EAD) field might include an EAD item that specifies CRED by value, or instead a URI or other external reference where CRED can be retrieved from. This is the case, e.g., for an EAD item defined by the EDHOC and OSCORE profile of the ACE framework <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>. In particular, the EAD item is used for transporting an access token, which in turn specifies by value or by reference the public authentication credential associated with the EDHOC peer acting as ACE client.</t>
      <t>When obtaining a new credential CRED, the peer P has to validate it before storing it. The validation steps to perform depend on the specific type of CRED (e.g., a public key certificate <xref target="RFC5280"/><xref target="I-D.ietf-cose-cbor-encoded-cert"/>) and can rely on (the authentication credential associated with) a trusted third party acting as a trust anchor.</t>
      <t>Upon retrieving a new CRED through the processing of a received EDHOC message and following the successful validation of CRED, the peer P stores CRED only if it assesses CRED to also be (provisionally) trusted, while it must not store CRED otherwise.</t>
      <t>An exception applies for the two unauthenticated operations described in <xref section="D.5" sectionFormat="of" target="RFC9528"/>, where a trust relationship with an unknown or not-yet-trusted endpoint is established later. In such a case, CRED is verified out-of-band at a later stage, or an EDHOC session key is bound to an identity out-of-band at a later stage.</t>
      <t>When processing a received EDHOC message M that specifies an authentication credential CRED, the peer P can enforce one of the trust policies LEARNING and NO-LEARNING specified in <xref target="sec-policy-learning"/> and <xref target="sec-policy-no-learning"/>, in order to determine whether to trust CRED.</t>
      <t><xref target="tab-trust-policies"/> provides a summary of the behavior of P about accepting CRED, for different trust policies. Provisional trust on CRED has to be later confirmed, e.g., by information that vouches for CRED and is conveyed within an EDHOC message received during the EDHOC session (e.g., transported by an EAD item).</t>
      <table align="center" anchor="tab-trust-policies">
        <name>Summary about Accepting the Authentication Credential CRED Associated with the Other Peer in an EDHOC Session, for Different Trust Policies.</name>
        <thead>
          <tr>
            <th align="left"> </th>
            <th align="left">CRED is not new (already stored)</th>
            <th align="left">CRED is new
(not already stored)</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">LEARNING policy</td>
            <td align="left">Accept,<br/>if still valid<br/>and trusted.</td>
            <td align="left">Accept, if valid and therefore (provisionally) trusted.</td>
          </tr>
          <tr>
            <td align="left">NO-LEARNING policy, without <br/> acceptable exception</td>
            <td align="left">Accept,<br/>if still valid<br/>and trusted.</td>
            <td align="left">Do not accept.</td>
          </tr>
          <tr>
            <td align="left">NO-LEARNING policy, with <br/> acceptable exception</td>
            <td align="left">Accept,<br/>if still valid<br/>and trusted.</td>
            <td align="left">Accept, if valid and<br/>(provisionally) trusted.</td>
          </tr>
        </tbody>
      </table>
      <t>Irrespective of the adopted trust policy, P actually uses CRED only if it is determined to be fine to use in the context of the ongoing EDHOC session, also depending on the specific identity of the other peer (see Sections <xref target="RFC9528" section="3.5" sectionFormat="bare"/> and <xref target="RFC9528" section="D.2" sectionFormat="bare"/> of <xref target="RFC9528"/>). If this is not the case, P aborts the EDHOC session with the other peer.</t>
      <t>If P stores CRED, then P will consider CRED as valid and trusted until:</t>
      <ul spacing="normal">
        <li>
          <t>CRED possibly becomes invalid, e.g., because it expires or because P gains knowledge that it has been revoked; or</t>
        </li>
        <li>
          <t>CRED becomes non-trusted, e.g., because P originally assessed CRED to be provisionally trusted, and later on failed to obtain an expected final confirmation of trust.</t>
        </li>
      </ul>
      <t>P must delete CRED from its local storage if CRED becomes invalid or non-trusted.</t>
      <t>When storing CRED, the peer P should generate the authentication credential identifier(s) corresponding to CRED and store them as associated with CRED. For example, if CRED is a public key certificate, an identifier of CRED can be the hash of the certificate. In general, P should generate and associate with CRED one corresponding identifier for each type of authentication credential identifier that P supports and that is compatible with CRED.</t>
      <t>In future executions of EDHOC with the other peer associated with CRED, this allows such other peer to specify CRED by reference, e.g., by indicating its credential identifier as ID_CRED_R/ID_CRED_I in the EDHOC message_2 or message_3 addressed to the peer P. In turn, this allows P to retrieve CRED from its local storage.</t>
      <section anchor="sec-policy-learning">
        <name>Trust Policy LEARNING</name>
        <t>When enforcing the LEARNING policy, the peer P trusts CRED even if P is not already storing CRED at message reception time.</t>
        <t>That is, upon receiving M, the peer P performs the following steps.</t>
        <ol spacing="normal" type="1"><li>
            <t>P retrieves CRED, as specified by reference or by value in the ID_CRED_I/ID_CRED_R field of M or in the value of an EAD item of M.</t>
          </li>
          <li>
            <t>P checks whether CRED is already being stored and if it is still valid and trusted. In such a case, P trusts CRED and can continue the EDHOC execution. Otherwise, P moves to Step 3.</t>
          </li>
          <li>
            <t>P attempts to validate CRED. If the validation process is not successful, P aborts the EDHOC session with the other peer. Otherwise, P trusts and stores CRED, and can continue the EDHOC execution.</t>
          </li>
        </ol>
      </section>
      <section anchor="sec-policy-no-learning">
        <name>Trust Policy NO-LEARNING</name>
        <t>When enforcing the NO-LEARNING policy, the peer P trusts CRED only if P is already storing CRED at message reception time, unless in cases where situation-specific exceptions apply and are deliberately enforced (see below).</t>
        <t>That is, upon receiving M, the peer P continues the execution of EDHOC only if both the following conditions hold:</t>
        <ul spacing="normal">
          <li>
            <t>P currently stores CRED, as specified by reference or by value in the ID_CRED_I/ID_CRED_R field of M or in the value of an EAD item of M; and</t>
          </li>
          <li>
            <t>CRED is still valid (i.e., P believes CRED to not be expired or revoked) and trusted.</t>
          </li>
        </ul>
        <t>Exceptions may apply and be actually enforced in cases where, during an EDHOC execution, P obtains additional information that allows it to trust and successfully validate CRED, even though P was not already storing CRED when receiving M.</t>
        <t>Such exceptions typically rely on a trusted party that vouches for CRED, e.g., in the cases discussed in <xref target="sec-trust-models-specific"/>. From the point of view of the peer P, the trusted party might have been involved in the background, so that the vouching information about CRED is conveyed within an EDHOC message received during the EDHOC session (e.g., transported by an EAD item). Alternatively, P might directly interact with the trusted party for retrieving the vouching information about CRED, e.g., after having received M and before continuing the EDHOC execution.</t>
        <t>If the peer P admits such an exception and actually enforces it on an authentication credential CRED, then P effectively handles CRED according to the trust policy "LEARNING" specified in <xref target="sec-policy-learning"/>. When doing so, P still attempts to validate CRED, and it aborts the EDHOC session if the validation process is not successful.</t>
      </section>
      <section anchor="sec-trust-models-specific">
        <name>Enforcement of Trust Policies in Specific Scenarios</name>
        <t>The following subsections discuss how an EDHOC peer enforces the trust policies LEARNING and NO-LEARNING in specific scenarios.</t>
        <section anchor="sec-trust-models-ace-prof">
          <name>In the EDHOC and OSCORE Profile of ACE</name>
          <t>As discussed in <xref target="sec-keys-token-invalid"/>, two EDHOC peers can be using the ACE framework <xref target="RFC9200"/> and specifically the EDHOC and OSCORE profile of ACE defined in <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>.</t>
          <t>In this case, one of the two EDHOC peers, namely PEER_RS, acts as ACE resource server (RS). Instead, the other EDHOC peer, namely PEER_C, acts as ACE client and obtains from an ACE authorization server (AS) an access token for accessing protected resources at PEER_RS. The AS and PEER_RS are in a trust relationship.</t>
          <t>Together with other information, the access token specifies (by value or by reference) the public authentication credential AUTH_CRED_C associated with PEER_C that PEER_C is going to use when running EDHOC with PEER_RS. Note that AUTH_CRED_C will be used as either CRED_I or CRED_R in EDHOC, depending on whether the two peers use the EDHOC forward message flow (i.e., PEER_C is the EDHOC Initiator) or the EDHOC reverse message flow (i.e., PEER_C is the EDHOC Responder), respectively (see <xref section="A.2" sectionFormat="of" target="RFC9528"/>).</t>
          <t>When the AS issues the first access token that specifies AUTH_CRED_C and is intended to be uploaded to PEER_RS, it is expected that the access token specifies AUTH_CRED_C by value and that PEER_RS is not currently storing AUTH_CRED_C, but instead will obtain it and learn it upon receiving the access token.</t>
          <t>Although the AS can upload the access token to PEER_RS on behalf of PEER_C as per the alternative SDC workflow defined in <xref target="I-D.ietf-ace-workflow-and-params"/>, the access token is typically uploaded to PEER_RS by PEER_C through a dedicated EAD item, when running EDHOC with PEER_RS. The specific EDHOC message that includes the EAD item conveying the access token depends on whether the two peers use the EDHOC forward message flow or the EDHOC reverse message flow.</t>
          <t>Consequently, PEER_RS has to learn AUTH_CRED_C as a new authentication credential during an EDHOC session with PEER_C.</t>
          <t>At least for its EDHOC resource used for exchanging the EDHOC messages of the EDHOC session in question, this requires PEER_RS to:</t>
          <ul spacing="normal">
            <li>
              <t>Enforce the trust policy "LEARNING"; or</t>
            </li>
            <li>
              <t>If enforcing the trust policy "NO-LEARNING", additionally enforce an overriding exception when an incoming EDHOC message includes an EAD item specifying a valid access token issued by a trusted AS.  </t>
              <t>
That is, through a successful verification of the access token, PEER_RS is able to trust AUTH_CRED_C (if found valid), even though it was not already storing AUTH_CRED_C when receiving the EDHOC message with the EAD item.</t>
            </li>
          </ul>
        </section>
        <section anchor="sec-trust-models-ela">
          <name>In the Lightweight Authorization using EDHOC (ELA) Procedure</name>
          <t>When the execution of EDHOC embeds the ELA procedure defined in <xref target="I-D.ietf-lake-authz"/>, the EDHOC peer U receives an EDHOC message_2 (message_3) where ID_CRED_R (ID_CRED_I) specifies by value the authentication credential CRED associated with the other peer V.</t>
          <t>Furthermore, an EDHOC message sent to U includes an EAD item, which specifies a voucher issued by a trusted enrollment server W. The voucher is an assertion to U that W has authorized V and has endorsed CRED.</t>
          <t>The specific EDHOC message that includes the EAD item conveying the voucher depends on whether U and V use the EDHOC forward message flow (i.e., U is the EDHOC Initiator) or the EDHOC reverse message flow (i.e., U is the EDHOC Responder). In particular:</t>
          <ul spacing="normal">
            <li>
              <t>When using the EDHOC forward message flow, the EAD item is included in EDHOC message_4, thereby endorsing CRED that was specified by ID_CRED_R in the previous EDHOC message_2.  </t>
              <t>
Since it is indeed expected that U is not already storing CRED upon receiving EDHOC message_2, U can at best provisionally trust CRED (if found valid) when retrieving it from EDHOC message_2.</t>
            </li>
            <li>
              <t>When using the EDHOC reverse message flow, the EAD item is included in EDHOC message_3, thereby endorsing CRED that is specified by ID_CRED_I in the same EDHOC message.</t>
            </li>
          </ul>
          <t>In either case, through a successful verification of the voucher, U is able to ultimately trust CRED (if found valid), even though U was not already storing CRED upon receiving the EDHOC message specifying CRED.</t>
          <t>Therefore, if U enforces the trust policy "NO-LEARNING", it can additionally enforce an overriding exception as below:</t>
          <ul spacing="normal">
            <li>
              <t>When using the EDHOC forward message flow, the exception is enforced when processing an EDHOC message_2, and it is raised by the intention of using the ELA procedure. That is, U intends to proceed with sending a consistent EDHOC message_3 that indicates the wish to obtain a voucher issued by W.  </t>
              <t>
At that point in time, the authentication credential CRED is only provisionally trusted (if found valid), with the expectation to receive an EDHOC message_4 in the same EDHOC session, conveying a valid voucher issued by W and thus confirming that CRED can be ultimately trusted.</t>
            </li>
            <li>
              <t>When using the EDHOC reverse message flow, the exception is enforced when processing an EDHOC message_3, and it is raised by the EDHOC message_3 including an EAD item that conveys a valid voucher issued by W, thus confirming that CRED can be ultimately trusted.</t>
            </li>
          </ul>
        </section>
      </section>
    </section>
    <section anchor="sec-message-side-processing">
      <name>Side Processing of Incoming EDHOC Messages</name>
      <t>This section describes an approach that EDHOC peers can use upon receiving EDHOC messages, in order to fetch/validate authentication credentials and to process External Authorization Data (EAD) items.</t>
      <t>The transport mechanism provided by EDHOC for conveying EAD items is defined in <xref section="3.8" sectionFormat="of" target="RFC9528"/>. In particular, an EDHOC message_x can include one dedicated EAD field EAD_x, for x = 1, 2, 3, or 4. In turn, an EAD field can include one or more EAD items.</t>
      <t>As per <xref section="9.1" sectionFormat="of" target="RFC9528"/>, specifications defining those EAD items have to set the ground for "agreeing on the surrounding context and the meaning of the information passed to and from the application".</t>
      <t>The approach described in this section aims to help implementers navigate the surrounding context mentioned above, irrespective of the specific EAD items conveyed in the EDHOC messages. In particular, the described approach takes into account the following points:</t>
      <ul spacing="normal">
        <li>
          <t>The fetching and validation of the authentication credential associated with the other peer relies on ID_CRED_I in EDHOC message_2, or on ID_CRED_R in EDHOC message_3, or on the value of an EAD item. When this occurs upon receiving EDHOC message_2 or message_3, the decryption of the EDHOC message has to be completed first.  </t>
          <t>
Validating the authentication credential or assessing whether it is trusted might depend on using the value of an EAD item, which in turn has to be validated first.</t>
        </li>
        <li>
          <t>It is possible that some EAD items can be processed only after having successfully verified the EDHOC message, i.e., after a successful verification of the Signature_or_MAC field in EDHOC message_2 or message_3.  </t>
          <t>
For instance, an EAD item within the EAD_3 field of EDHOC message_3 might contain a Certificate Signing Request (CSR) <xref target="RFC2986"/>. Hence, such an EAD item can be processed only once the recipient peer has attained proof that the other peer possesses its own private key.</t>
        </li>
      </ul>
      <t>In order to conveniently handle such processing, the application can prepare in advance a "side-processor object" (SPO), which takes care of the operations above during the EDHOC execution.</t>
      <t>In particular, the application provides EDHOC with the SPO before starting an EDHOC execution, during which EDHOC will temporarily transfer control to the SPO at the right point in time, in order to perform the required side-processing of an incoming EDHOC message.</t>
      <t>Furthermore, the application has to instruct the SPO about:</t>
      <ul spacing="normal">
        <li>
          <t>How to prepare any EAD item such that: it has to be included in the EAD field of an outgoing EDHOC message, possibly together with other EAD items; and it is independent of the processing of other EAD items included in incoming EDHOC messages. This includes, for instance, the preparation of padding EAD items (see <xref section="3.8.1" sectionFormat="of" target="RFC9528"/>).</t>
        </li>
        <li>
          <t>The list of one or more EAD items that are expected to be present within the dedicated EAD field of specific, incoming EDHOC messages during the EDHOC session. This takes into account, for instance, external security applications that will be integrated in the EDHOC session (e.g., see <xref target="I-D.ietf-lake-authz"/>).  </t>
          <t>
Throughout the EDHOC session, the SPO keeps such a list of expected EAD items up-to-date. This takes into account, for instance, external security applications that have been run integrated in the EDHOC session, the current status of the session, as well as the EDHOC messages that have been exchanged during the session and the outcome of their processing.</t>
        </li>
      </ul>
      <t>At the right point in time during the processing of an incoming EDHOC message M at the peer P, EDHOC invokes the SPO and provides it with the following input:</t>
      <ul spacing="normal">
        <li>
          <t>When M is EDHOC message_2 or message_3, an indication of whether this invocation is happening before or after the message verification (i.e., before or after having verified the Signature_or_MAC field).</t>
        </li>
        <li>
          <t>The full set of information related to the current EDHOC session. This especially includes the selected cipher suite and the ephemeral Diffie-Hellman public keys G_X and G_Y that the two peers have exchanged in the EDHOC session.</t>
        </li>
        <li>
          <t>The authentication credentials that the peer P stores as associated with other peers.</t>
        </li>
        <li>
          <t>All the decrypted information elements retrieved from M.</t>
        </li>
        <li>
          <t>The EAD items included in M.  </t>
          <ul spacing="normal">
            <li>
              <t>Note that EDHOC might do some preliminary work on M before invoking the SPO, in order to provide the SPO only with actually relevant EAD items. This requires the application to additionally provide EDHOC with the ead_labels of the EAD items that the peer P recognizes (see <xref section="3.8" sectionFormat="of" target="RFC9528"/>).      </t>
              <t>
With such information available, EDHOC can early abort the current session if M includes any EAD item which is both critical and not recognized by the peer P.      </t>
              <t>
If no such EAD items are found, EDHOC can remove any padding EAD item (see <xref section="3.8.1" sectionFormat="of" target="RFC9528"/>), as well as any EAD item which is neither critical nor recognized (since the SPO is going to ignore it anyway). This results in EDHOC providing the SPO only with EAD items that will be recognized and that require actual processing.</t>
            </li>
            <li>
              <t>Note that, after having processed the EAD items, the SPO might actually need to store them throughout the whole EDHOC execution, e.g., in order to refer to them also when processing later EDHOC messages in the current EDHOC session.</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>The SPO performs the following tasks on an incoming EDHOC message M:</t>
      <ul spacing="normal">
        <li>
          <t>The SPO checks whether M does not include an EAD item whose presence was expected, based on the related list maintained throughout the EDHOC session. If such an EAD item is absent, the SPO can come to an early determination about whether and how to proceed with the processing of M.  </t>
          <t>
In particular, if an EAD item is absent although its presence was strictly required, then the SPO can early abort the EDHOC session, thereby avoiding potentially costly operations (e.g., the retrieval and validation of the authentication credential associated with the other peer).</t>
        </li>
        <li>
          <t>The SPO fetches and/or validates the authentication credential CRED associated with the other peer, based on a dedicated EAD item of M or on the ID_CRED field of M (for EDHOC message_2 or message_3).</t>
        </li>
        <li>
          <t>The SPO processes the EAD items conveyed in the EAD field of M.</t>
        </li>
        <li>
          <t>The SPO stores the results of the performed operations and makes such results available to the application.</t>
        </li>
        <li>
          <t>When the SPO has completed its side processing and transfers control back to EDHOC, the SPO provides EDHOC with the produced EAD items to include in the EAD field of the next outgoing EDHOC message. The production of such EAD items can be triggered, e.g., by:  </t>
          <ul spacing="normal">
            <li>
              <t>The consumption of EAD items included in M.</t>
            </li>
            <li>
              <t>The execution of instructions that the SPO has received from the application, concerning EAD items to produce irrespective of other EAD items included in M.</t>
            </li>
          </ul>
        </li>
      </ul>
      <t>In the following, <xref target="sec-message-side-processing-m1"/> to <xref target="sec-message-side-processing-m2-m3"/> describe more in detail the actions performed by the SPO on the different incoming EDHOC messages. Then, <xref target="sec-consistency-checks-auth-creds"/> describes further special handling of incoming EDHOC messages, as to consistency checks concerning authentication credentials in particular situations.</t>
      <t>After completing the EDHOC execution, control is transferred back to the application. In particular, the application is provided with the overall outcome of the EDHOC execution (i.e., successful completion or failure), together with possible specific results produced by the SPO throughout the EDHOC execution (e.g., due to the processing of EAD items).</t>
      <t>After that, the application might need to perform follow-up actions, depending on the outcome of the EDHOC execution. For example, the SPO might have preliminarily filled application-level data structures, as a result of processing EAD items. In the case of a successful EDHOC execution, the application might need to finalize such data structures. Instead, in the case of an unsuccessful EDHOC execution, the application might need to clean-up or amend such data structures, or even roll back what the SPO did, unless the SPO already performed such actions before control was transferred back to the application.</t>
      <section anchor="sec-message-side-processing-m1">
        <name>EDHOC message_1</name>
        <t>During the processing of an incoming EDHOC message_1, EDHOC invokes the SPO only once, after the Responder peer has successfully decoded the message and accepted the selected cipher suite.</t>
        <t>If the EAD_1 field is present, the SPO processes the EAD items included therein.</t>
        <t>Once all such EAD items have been processed, the SPO transfers control back to EDHOC. When doing so, the SPO also provides EDHOC with any produced EAD items to include in the EAD field of the next outgoing EDHOC message.</t>
        <t>Then, EDHOC resumes its execution and advances its protocol state.</t>
        <t>Future extensions of EDHOC or external security applications integrated into EDHOC might require a processing of EDHOC message_1 that is more advanced than the currently expected one. In particular, an EAD item conveyed in EDHOC message_1 might specify the authentication credential CRED associated with the Initiator (by value or by reference), as wrapped in a cryptographically protected "envelope". In such a case, the processing of an incoming EDHOC message_1 shares similarities with that of an incoming EDHOC message_2 or message_3 (see <xref target="sec-message-side-processing-m2-m3"/>), as it is further elaborated in <xref target="sec-message-side-processing-m1-advanced"/>.</t>
      </section>
      <section anchor="sec-message-side-processing-m4">
        <name>EDHOC message_4</name>
        <t>During the processing of an incoming EDHOC message_4, EDHOC invokes the SPO only once, after the Initiator peer has successfully decrypted the message.</t>
        <t>If the EAD_4 field is present, the SPO processes the EAD items included therein.</t>
        <t>Once all such EAD items have been processed, the SPO transfers control back to EDHOC, which resumes its execution and advances its protocol state.</t>
      </section>
      <section anchor="sec-message-side-processing-m2-m3">
        <name>EDHOC message_2 and message_3</name>
        <t>The following refers to "message_X" as an incoming EDHOC message_2 or message_3, and to "message verification" as the verification of Signature_or_MAC_X in message_X.</t>
        <t>During the processing of a message_X, EDHOC invokes the SPO two times:</t>
        <ul spacing="normal">
          <li>
            <t>Right after message_X has been decrypted and before its verification starts. Following this invocation, the SPO performs the actions described in <xref target="sec-pre-verif"/>.</t>
          </li>
          <li>
            <t>Right after message_X has been successfully verified. Following this invocation, the SPO performs the actions described in <xref target="sec-post-verif"/>.</t>
          </li>
        </ul>
        <t>The flowcharts in <xref target="sec-m2-m3-flowcharts"/> show the high-level interaction between the core EDHOC processing and the SPO, as well as the different steps taken for processing an incoming message_X.</t>
        <section anchor="sec-pre-verif">
          <name>Pre-Verification Side Processing</name>
          <t>The pre-verification side processing occurs in two sequential phases, namely PHASE_1 (see <xref target="sec-pre-verif-phase-1"/>) and PHASE_2 (see <xref target="sec-pre-verif-phase-2"/>).</t>
          <section anchor="sec-pre-verif-phase-1">
            <name>PHASE_1</name>
            <t>During PHASE_1, the SPO at the recipient peer P determines CRED, i.e., the authentication credential associated with the other peer to be used in the ongoing EDHOC session. In particular, the SPO first checks whether expected EAD items are absent in message_X (see <xref target="sec-message-side-processing"/>), and then performs the following steps.</t>
            <ol spacing="normal" type="1"><li>
                <t>The SPO determines CRED based on ID_CRED_X or on an EAD item included in message_X.  </t>
                <t>
Those may specify CRED by value or by reference, including a URI or other external reference where CRED can be retrieved from.  </t>
                <t>
If CRED is already stored, the SPO moves to Step 2. Otherwise, the SPO moves to Step 3.</t>
              </li>
              <li>
                <t>The SPO determines if the stored CRED is currently trusted and valid, e.g., by verifying that CRED has not expired and has not been revoked.  </t>
                <t>
Performing such a validation might require the SPO to first process an EAD item included in message_X. For example, it can be an EAD item in EDHOC message_2 that confirms or revokes the validity of CRED_R specified by ID_CRED_R, as the result of an OCSP process <xref target="RFC6960"/>.  </t>
                <t>
In the case that CRED is determined to be valid, the SPO moves to Step 9. Otherwise, the SPO moves to Step 11.</t>
              </li>
              <li>
                <t>The SPO attempts to retrieve CRED via ID_CRED_X or an EAD item considered at Step 1. Then, the SPO moves to Step 4.</t>
              </li>
              <li>
                <t>If the retrieval of CRED has succeeded, the SPO moves to Step 5. Otherwise, the SPO moves to Step 11.</t>
              </li>
              <li>
                <t>If the enforced trust policy for new authentication credentials is "NO-LEARNING" and P does not admit any exceptions that are acceptable to enforce for message_X (see <xref target="sec-policy-no-learning"/>), the SPO moves to Step 11. Otherwise, the SPO moves to Step 6.</t>
              </li>
              <li>
                <t>If this step has been reached, the peer P is not already storing the retrieved CRED and, at the same time, it enforces either the trust policy "LEARNING" or the trust policy "NO-LEARNING" while also enforcing an exception acceptable for message_X (see <xref target="sec-policy-no-learning"/>).  </t>
                <t>
Consistent with that, the SPO determines if CRED is currently valid, e.g., by verifying that CRED has not expired and has not been revoked.  </t>
                <t>
Validating CRED might require the SPO to first process an EAD item included in message_X. For example, it can be an OCSP response <xref target="RFC6960"/> for validating CRED_R as a public key certificate transported by value or reference in ID_CRED_R.  </t>
                <t>
After successfully validating CRED, the peer P can typically consider CRED as ultimately trusted as well. However, there can be cases where P requires to obtain additional information before doing so.  </t>
                <t>
If such additional information can be retrieved from message_X (e.g., from an EAD item included therein), then P uses it to assess if CRED is trusted. Otherwise, if such additional information is expected later on during the EDHOC session, it can be acceptable for P to consider CRED as provisionally trusted.  </t>
                <t><xref target="sec-trust-models-ela"/> discusses the ELA procedure defined in <xref target="I-D.ietf-lake-authz"/>, as a case in point where additional information required by the peer P to trust CRED could not be included in the same message that specifies CRED.  </t>
                <t>
After completing the validation and trust assessment of CRED, the SPO moves to Step 7.</t>
              </li>
              <li>
                <t>If CRED has been determined valid and (provisionally) trusted, the SPO moves to Step 8. Otherwise, the SPO moves to Step 11.</t>
              </li>
              <li>
                <t>The SPO stores CRED as a valid and (provisionally) trusted authentication credential associated with the other peer, together with corresponding authentication credential identifiers (see <xref target="sec-trust-models"/>). Then, the SPO moves to Step 9.</t>
              </li>
              <li>
                <t>The SPO checks if CRED is fine to use in the context of the ongoing EDHOC session, also depending on the specific identity of the other peer (see Sections <xref target="RFC9528" section="3.5" sectionFormat="bare"/> and <xref target="RFC9528" section="D.2" sectionFormat="bare"/> of <xref target="RFC9528"/>).  </t>
                <t>
If this is the case, the SPO moves to Step 10. Otherwise, the SPO moves to Step 11.</t>
              </li>
              <li>
                <t>P uses CRED as authentication credential associated with the other peer in the ongoing EDHOC session.  </t>
                <t>
Then, PHASE_1 ends and the pre-verification side processing moves to the next PHASE_2 (see <xref target="sec-pre-verif-phase-2"/>).</t>
              </li>
              <li>
                <t>The SPO has not found a valid and (provisionally) trusted authentication credential associated with the other peer that can be used in the ongoing EDHOC session. Therefore, the EDHOC session with the other peer is aborted.</t>
              </li>
            </ol>
          </section>
          <section anchor="sec-pre-verif-phase-2">
            <name>PHASE_2</name>
            <t>During PHASE_2, the SPO processes any EAD item included in message_X such that both the following conditions hold:</t>
            <ul spacing="normal">
              <li>
                <t>The EAD item has <em>not</em> already been processed during PHASE_1.</t>
              </li>
              <li>
                <t>The EAD item can be processed before performing the verification of message_X.</t>
              </li>
            </ul>
            <t>Once all such EAD items have been processed, the SPO transfers control back to EDHOC, which either aborts the ongoing EDHOC session or continues the processing of message_X with its corresponding message verification.</t>
          </section>
        </section>
        <section anchor="sec-post-verif">
          <name>Post-Verification Side Processing</name>
          <t>During the post-verification side processing, the SPO processes any EAD item included in message_X such that the processing of that EAD item had to wait for completing the successful message verification.</t>
          <t>The late processing of such EAD items is typically due to the fact that a pre-requirement has to be fulfilled first.</t>
          <t>For example, the recipient peer P has to have first verified that the other peer does possess the private key corresponding to the public key specified by CRED, i.e., the authentication credential associated with the other peer that was determined during the pre-verification side processing (see <xref target="sec-pre-verif"/>). This requirement is fulfilled after a successful verification of message_X.</t>
          <t>Once all such EAD items have been processed, the SPO transfers control back to EDHOC. When doing so, the SPO also provides EDHOC with any produced EAD items to include in the EAD field of the next outgoing EDHOC message.</t>
          <t>Then, EDHOC resumes its execution and advances its protocol state.</t>
        </section>
        <section anchor="sec-m2-m3-flowcharts">
          <name>Flowcharts</name>
          <t>The flowchart in <xref target="fig-flowchart-spo-high-level"/> shows the high-level interaction between the core EDHOC processing and the SPO, with particular reference to an incoming EDHOC message_2 or message_3.</t>
          <figure anchor="fig-flowchart-spo-high-level">
            <name>High-Level Interaction Between the Core EDHOC Processing and the Side-Processor Object (SPO), for Incoming EDHOC message_2 and message_3.</name>
            <artset>
              <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="848" width="576" viewBox="0 0 576 848" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,128 L 8,384" fill="none" stroke="black"/>
                  <path d="M 8,512 L 8,832" fill="none" stroke="black"/>
                  <path d="M 24,176 L 24,224" fill="none" stroke="black"/>
                  <path d="M 24,560 L 24,800" fill="none" stroke="black"/>
                  <path d="M 56,96 L 56,168" fill="none" stroke="black"/>
                  <path d="M 64,288 L 64,336" fill="none" stroke="black"/>
                  <path d="M 120,176 L 120,224" fill="none" stroke="black"/>
                  <path d="M 144,344 L 144,552" fill="none" stroke="black"/>
                  <path d="M 160,176 L 160,224" fill="none" stroke="black"/>
                  <path d="M 176,232 L 176,280" fill="none" stroke="black"/>
                  <path d="M 184,288 L 184,336" fill="none" stroke="black"/>
                  <path d="M 224,288 L 224,336" fill="none" stroke="black"/>
                  <path d="M 240,344 L 240,552" fill="none" stroke="black"/>
                  <path d="M 248,560 L 248,800" fill="none" stroke="black"/>
                  <path d="M 296,176 L 296,224" fill="none" stroke="black"/>
                  <path d="M 296,560 L 296,608" fill="none" stroke="black"/>
                  <path d="M 336,344 L 336,552" fill="none" stroke="black"/>
                  <path d="M 392,288 L 392,336" fill="none" stroke="black"/>
                  <path d="M 400,176 L 400,224" fill="none" stroke="black"/>
                  <path d="M 416,232 L 416,552" fill="none" stroke="black"/>
                  <path d="M 488,608 L 488,640" fill="none" stroke="black"/>
                  <path d="M 536,176 L 536,224" fill="none" stroke="black"/>
                  <path d="M 536,560 L 536,608" fill="none" stroke="black"/>
                  <path d="M 568,128 L 568,384" fill="none" stroke="black"/>
                  <path d="M 568,512 L 568,832" fill="none" stroke="black"/>
                  <path d="M 8,128 L 48,128" fill="none" stroke="black"/>
                  <path d="M 64,128 L 568,128" fill="none" stroke="black"/>
                  <path d="M 24,176 L 120,176" fill="none" stroke="black"/>
                  <path d="M 160,176 L 296,176" fill="none" stroke="black"/>
                  <path d="M 400,176 L 536,176" fill="none" stroke="black"/>
                  <path d="M 128,192 L 152,192" fill="none" stroke="black"/>
                  <path d="M 24,224 L 120,224" fill="none" stroke="black"/>
                  <path d="M 160,224 L 296,224" fill="none" stroke="black"/>
                  <path d="M 400,224 L 536,224" fill="none" stroke="black"/>
                  <path d="M 64,288 L 184,288" fill="none" stroke="black"/>
                  <path d="M 224,288 L 392,288" fill="none" stroke="black"/>
                  <path d="M 64,336 L 184,336" fill="none" stroke="black"/>
                  <path d="M 224,336 L 392,336" fill="none" stroke="black"/>
                  <path d="M 8,384 L 136,384" fill="none" stroke="black"/>
                  <path d="M 152,384 L 232,384" fill="none" stroke="black"/>
                  <path d="M 248,384 L 328,384" fill="none" stroke="black"/>
                  <path d="M 344,384 L 408,384" fill="none" stroke="black"/>
                  <path d="M 424,384 L 568,384" fill="none" stroke="black"/>
                  <path d="M 8,512 L 136,512" fill="none" stroke="black"/>
                  <path d="M 152,512 L 232,512" fill="none" stroke="black"/>
                  <path d="M 248,512 L 328,512" fill="none" stroke="black"/>
                  <path d="M 344,512 L 408,512" fill="none" stroke="black"/>
                  <path d="M 424,512 L 568,512" fill="none" stroke="black"/>
                  <path d="M 24,560 L 248,560" fill="none" stroke="black"/>
                  <path d="M 296,560 L 536,560" fill="none" stroke="black"/>
                  <path d="M 296,608 L 480,608" fill="none" stroke="black"/>
                  <path d="M 496,608 L 536,608" fill="none" stroke="black"/>
                  <path d="M 256,640 L 312,640" fill="none" stroke="black"/>
                  <path d="M 432,640 L 480,640" fill="none" stroke="black"/>
                  <path d="M 24,800 L 248,800" fill="none" stroke="black"/>
                  <path d="M 8,832 L 568,832" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="424,232 412,226.4 412,237.6" fill="black" transform="rotate(270,416,232)"/>
                  <polygon class="arrowhead" points="344,552 332,546.4 332,557.6" fill="black" transform="rotate(90,336,552)"/>
                  <polygon class="arrowhead" points="248,344 236,338.4 236,349.6" fill="black" transform="rotate(270,240,344)"/>
                  <polygon class="arrowhead" points="184,280 172,274.4 172,285.6" fill="black" transform="rotate(90,176,280)"/>
                  <polygon class="arrowhead" points="160,192 148,186.4 148,197.6" fill="black" transform="rotate(0,152,192)"/>
                  <polygon class="arrowhead" points="152,552 140,546.4 140,557.6" fill="black" transform="rotate(90,144,552)"/>
                  <polygon class="arrowhead" points="64,168 52,162.4 52,173.6" fill="black" transform="rotate(90,56,168)"/>
                  <circle cx="248" cy="640" r="6" class="opendot" fill="white" stroke="black"/>
                  <circle cx="488" cy="608" r="6" class="opendot" fill="white" stroke="black"/>
                  <circle cx="488" cy="640" r="6" class="opendot" fill="white" stroke="black"/>
                  <g class="text">
                    <text x="36" y="36">Incoming</text>
                    <text x="24" y="52">EDHOC</text>
                    <text x="88" y="52">message_X</text>
                    <text x="12" y="68">(X</text>
                    <text x="32" y="68">=</text>
                    <text x="48" y="68">2</text>
                    <text x="68" y="68">or</text>
                    <text x="92" y="68">3)</text>
                    <text x="404" y="148">Core</text>
                    <text x="448" y="148">EDHOC</text>
                    <text x="516" y="148">processing</text>
                    <text x="60" y="196">Decode</text>
                    <text x="204" y="196">Retrieve</text>
                    <text x="256" y="196">the</text>
                    <text x="440" y="196">Advance</text>
                    <text x="488" y="196">the</text>
                    <text x="72" y="212">message_X</text>
                    <text x="204" y="212">protocol</text>
                    <text x="264" y="212">state</text>
                    <text x="444" y="212">protocol</text>
                    <text x="504" y="212">state</text>
                    <text x="104" y="308">Decrypt</text>
                    <text x="260" y="308">Verify</text>
                    <text x="124" y="324">CIPHERTEXT_X</text>
                    <text x="308" y="324">Signature_or_MAC_X</text>
                    <text x="496" y="420">.................</text>
                    <text x="108" y="436">Divert</text>
                    <text x="208" y="436">Get</text>
                    <text x="300" y="436">Divert</text>
                    <text x="384" y="436">Get</text>
                    <text x="432" y="436">:</text>
                    <text x="456" y="436">EAD</text>
                    <text x="496" y="436">items</text>
                    <text x="560" y="436">:</text>
                    <text x="212" y="452">back</text>
                    <text x="388" y="452">back</text>
                    <text x="432" y="452">:</text>
                    <text x="456" y="452">for</text>
                    <text x="488" y="452">the</text>
                    <text x="524" y="452">next</text>
                    <text x="560" y="452">:</text>
                    <text x="432" y="468">:</text>
                    <text x="464" y="468">EDHOC</text>
                    <text x="520" y="468">message</text>
                    <text x="560" y="468">:</text>
                    <text x="496" y="484">:...............:</text>
                    <text x="44" y="580">a)</text>
                    <text x="80" y="580">Check</text>
                    <text x="136" y="580">whether</text>
                    <text x="204" y="580">expected</text>
                    <text x="348" y="580">Processing</text>
                    <text x="404" y="580">of</text>
                    <text x="72" y="596">EAD</text>
                    <text x="112" y="596">items</text>
                    <text x="152" y="596">are</text>
                    <text x="196" y="596">absent</text>
                    <text x="376" y="596">post-verification</text>
                    <text x="464" y="596">EAD</text>
                    <text x="504" y="596">items</text>
                    <text x="44" y="612">b)</text>
                    <text x="96" y="612">Retrieval</text>
                    <text x="152" y="612">and</text>
                    <text x="100" y="628">validation</text>
                    <text x="156" y="628">of</text>
                    <text x="200" y="628">CRED_X;</text>
                    <text x="44" y="644">c)</text>
                    <text x="80" y="644">Trust</text>
                    <text x="148" y="644">assessment</text>
                    <text x="348" y="644">Shared</text>
                    <text x="400" y="644">state</text>
                    <text x="68" y="660">of</text>
                    <text x="112" y="660">CRED_X;</text>
                    <text x="44" y="676">d)</text>
                    <text x="100" y="676">Processing</text>
                    <text x="156" y="676">of</text>
                    <text x="404" y="676">......................</text>
                    <text x="124" y="692">pre-verification</text>
                    <text x="320" y="692">:</text>
                    <text x="380" y="692">Instructions</text>
                    <text x="456" y="692">about</text>
                    <text x="488" y="692">:</text>
                    <text x="72" y="708">EAD</text>
                    <text x="112" y="708">items</text>
                    <text x="320" y="708">:</text>
                    <text x="344" y="708">EAD</text>
                    <text x="384" y="708">items</text>
                    <text x="420" y="708">to</text>
                    <text x="488" y="708">:</text>
                    <text x="320" y="724">:</text>
                    <text x="392" y="724">unconditionally</text>
                    <text x="488" y="724">:</text>
                    <text x="40" y="740">-</text>
                    <text x="64" y="740">(b)</text>
                    <text x="96" y="740">and</text>
                    <text x="128" y="740">(d)</text>
                    <text x="168" y="740">might</text>
                    <text x="212" y="740">have</text>
                    <text x="320" y="740">:</text>
                    <text x="360" y="740">produce</text>
                    <text x="408" y="740">for</text>
                    <text x="440" y="740">the</text>
                    <text x="488" y="740">:</text>
                    <text x="60" y="756">to</text>
                    <text x="96" y="756">occur</text>
                    <text x="132" y="756">in</text>
                    <text x="180" y="756">parallel</text>
                    <text x="320" y="756">:</text>
                    <text x="348" y="756">next</text>
                    <text x="392" y="756">EDHOC</text>
                    <text x="448" y="756">message</text>
                    <text x="488" y="756">:</text>
                    <text x="40" y="772">-</text>
                    <text x="64" y="772">(c)</text>
                    <text x="112" y="772">depends</text>
                    <text x="156" y="772">on</text>
                    <text x="184" y="772">the</text>
                    <text x="404" y="772">:....................:</text>
                    <text x="72" y="788">trust</text>
                    <text x="124" y="788">policy</text>
                    <text x="172" y="788">used</text>
                    <text x="396" y="820">Side-Processor</text>
                    <text x="484" y="820">Object</text>
                    <text x="536" y="820">(SPO)</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art" align="center"><![CDATA[
Incoming
EDHOC message_X
(X = 2 or 3)

      |
      |
+-----|---------------------------------------------------------------+
|     |                                         Core EDHOC processing |
|     v                                                               |
| +-----------+    +----------------+            +----------------+   |
| | Decode    |--->| Retrieve the   |            | Advance the    |   |
| | message_X |    | protocol state |            | protocol state |   |
| +-----------+    +----------------+            +----------------+   |
|                    |                             ^                  |
|                    |                             |                  |
|                    v                             |                  |
|      +--------------+    +--------------------+  |                  |
|      | Decrypt      |    | Verify             |  |                  |
|      | CIPHERTEXT_X |    | Signature_or_MAC_X |  |                  |
|      +--------------+    +--------------------+  |                  |
|                |           ^           |         |                  |
|                |           |           |         |                  |
+----------------|-----------|-----------|---------|------------------+
                 |           |           |         |
                 |           |           |         | .................
          Divert |      Get  |    Divert |    Get  | : EAD items     :
                 |      back |           |    back | : for the next  :
                 |           |           |         | : EDHOC message :
                 |           |           |         | :...............:
                 |           |           |         |
+----------------|-----------|-----------|---------|------------------+
|                |           |           |         |                  |
|                v           |           v         |                  |
| +---------------------------+     +-----------------------------+   |
| | a) Check whether expected |     | Processing of               |   |
| |    EAD items are absent   |     | post-verification EAD items |   |
| | b) Retrieval and          |     +-----------------------o-----+   |
| |    validation of CRED_X;  |                             |         |
| | c) Trust assessment       o-------- Shared state -------o         |
| |    of CRED_X;             |                                       |
| | d) Processing of          |        ......................         |
| |    pre-verification       |        : Instructions about :         |
| |    EAD items              |        : EAD items to       :         |
| |                           |        : unconditionally    :         |
| | - (b) and (d) might have  |        : produce for the    :         |
| |   to occur in parallel    |        : next EDHOC message :         |
| | - (c) depends on the      |        :....................:         |
| |   trust policy used       |                                       |
| +---------------------------+                                       |
|                                         Side-Processor Object (SPO) |
+---------------------------------------------------------------------+
]]></artwork>
            </artset>
          </figure>
          <t>The flowchart in <xref target="fig-flowchart-spo-low-level"/> shows the different steps taken for processing an incoming EDHOC message_2 and message_3.</t>
          <figure anchor="fig-flowchart-spo-low-level">
            <name>Processing Steps for Incoming EDHOC message_2 and message_3.</name>
            <artset>
              <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="2560" width="576" viewBox="0 0 576 2560" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                  <path d="M 8,512 L 8,1552" fill="none" stroke="black"/>
                  <path d="M 8,1600 L 8,1728" fill="none" stroke="black"/>
                  <path d="M 8,2080 L 8,2320" fill="none" stroke="black"/>
                  <path d="M 16,144 L 16,176" fill="none" stroke="black"/>
                  <path d="M 16,240 L 16,288" fill="none" stroke="black"/>
                  <path d="M 16,352 L 16,384" fill="none" stroke="black"/>
                  <path d="M 16,1904 L 16,1936" fill="none" stroke="black"/>
                  <path d="M 16,2496 L 16,2544" fill="none" stroke="black"/>
                  <path d="M 24,560 L 24,608" fill="none" stroke="black"/>
                  <path d="M 24,672 L 24,752" fill="none" stroke="black"/>
                  <path d="M 24,864 L 24,928" fill="none" stroke="black"/>
                  <path d="M 24,1024 L 24,1104" fill="none" stroke="black"/>
                  <path d="M 24,1392 L 24,1520" fill="none" stroke="black"/>
                  <path d="M 24,1648 L 24,1696" fill="none" stroke="black"/>
                  <path d="M 24,2128 L 24,2176" fill="none" stroke="black"/>
                  <path d="M 24,2240 L 24,2288" fill="none" stroke="black"/>
                  <path d="M 88,96 L 88,136" fill="none" stroke="black"/>
                  <path d="M 88,184 L 88,232" fill="none" stroke="black"/>
                  <path d="M 88,296 L 88,344" fill="none" stroke="black"/>
                  <path d="M 88,392 L 88,416" fill="none" stroke="black"/>
                  <path d="M 88,496 L 88,552" fill="none" stroke="black"/>
                  <path d="M 88,616 L 88,664" fill="none" stroke="black"/>
                  <path d="M 88,760 L 88,856" fill="none" stroke="black"/>
                  <path d="M 88,936 L 88,1016" fill="none" stroke="black"/>
                  <path d="M 88,1112 L 88,1384" fill="none" stroke="black"/>
                  <path d="M 88,1528 L 88,1640" fill="none" stroke="black"/>
                  <path d="M 88,1704 L 88,1776" fill="none" stroke="black"/>
                  <path d="M 88,1856 L 88,1896" fill="none" stroke="black"/>
                  <path d="M 88,1944 L 88,1984" fill="none" stroke="black"/>
                  <path d="M 88,2064 L 88,2120" fill="none" stroke="black"/>
                  <path d="M 88,2184 L 88,2232" fill="none" stroke="black"/>
                  <path d="M 88,2296 L 88,2368" fill="none" stroke="black"/>
                  <path d="M 88,2448 L 88,2488" fill="none" stroke="black"/>
                  <path d="M 152,2496 L 152,2544" fill="none" stroke="black"/>
                  <path d="M 168,864 L 168,928" fill="none" stroke="black"/>
                  <path d="M 168,1904 L 168,1936" fill="none" stroke="black"/>
                  <path d="M 176,144 L 176,176" fill="none" stroke="black"/>
                  <path d="M 176,240 L 176,288" fill="none" stroke="black"/>
                  <path d="M 176,352 L 176,384" fill="none" stroke="black"/>
                  <path d="M 176,1392 L 176,1520" fill="none" stroke="black"/>
                  <path d="M 192,1024 L 192,1104" fill="none" stroke="black"/>
                  <path d="M 200,672 L 200,752" fill="none" stroke="black"/>
                  <path d="M 224,144 L 224,384" fill="none" stroke="black"/>
                  <path d="M 224,560 L 224,608" fill="none" stroke="black"/>
                  <path d="M 248,672 L 248,752" fill="none" stroke="black"/>
                  <path d="M 248,864 L 248,1056" fill="none" stroke="black"/>
                  <path d="M 248,1088 L 248,1424" fill="none" stroke="black"/>
                  <path d="M 296,800 L 296,856" fill="none" stroke="black"/>
                  <path d="M 296,1280 L 296,1328" fill="none" stroke="black"/>
                  <path d="M 296,1392 L 296,1520" fill="none" stroke="black"/>
                  <path d="M 320,1064 L 320,1272" fill="none" stroke="black"/>
                  <path d="M 320,1336 L 320,1384" fill="none" stroke="black"/>
                  <path d="M 344,864 L 344,1056" fill="none" stroke="black"/>
                  <path d="M 368,672 L 368,752" fill="none" stroke="black"/>
                  <path d="M 384,2240 L 384,2288" fill="none" stroke="black"/>
                  <path d="M 392,2128 L 392,2176" fill="none" stroke="black"/>
                  <path d="M 408,864 L 408,976" fill="none" stroke="black"/>
                  <path d="M 416,672 L 416,752" fill="none" stroke="black"/>
                  <path d="M 416,1152 L 416,1216" fill="none" stroke="black"/>
                  <path d="M 416,2080 L 416,2320" fill="none" stroke="black"/>
                  <path d="M 432,760 L 432,800" fill="none" stroke="black"/>
                  <path d="M 480,1648 L 480,1696" fill="none" stroke="black"/>
                  <path d="M 512,760 L 512,856" fill="none" stroke="black"/>
                  <path d="M 512,984 L 512,1144" fill="none" stroke="black"/>
                  <path d="M 512,1224 L 512,1272" fill="none" stroke="black"/>
                  <path d="M 528,672 L 528,752" fill="none" stroke="black"/>
                  <path d="M 544,1152 L 544,1216" fill="none" stroke="black"/>
                  <path d="M 552,864 L 552,976" fill="none" stroke="black"/>
                  <path d="M 552,1280 L 552,1328" fill="none" stroke="black"/>
                  <path d="M 552,1392 L 552,1520" fill="none" stroke="black"/>
                  <path d="M 568,512 L 568,1552" fill="none" stroke="black"/>
                  <path d="M 568,1600 L 568,1728" fill="none" stroke="black"/>
                  <path d="M 16,144 L 176,144" fill="none" stroke="black"/>
                  <path d="M 200,144 L 224,144" fill="none" stroke="black"/>
                  <path d="M 16,176 L 176,176" fill="none" stroke="black"/>
                  <path d="M 16,240 L 176,240" fill="none" stroke="black"/>
                  <path d="M 224,256 L 248,256" fill="none" stroke="black"/>
                  <path d="M 16,288 L 176,288" fill="none" stroke="black"/>
                  <path d="M 16,352 L 176,352" fill="none" stroke="black"/>
                  <path d="M 16,384 L 176,384" fill="none" stroke="black"/>
                  <path d="M 200,384 L 224,384" fill="none" stroke="black"/>
                  <path d="M 8,512 L 80,512" fill="none" stroke="black"/>
                  <path d="M 96,512 L 568,512" fill="none" stroke="black"/>
                  <path d="M 24,560 L 224,560" fill="none" stroke="black"/>
                  <path d="M 24,608 L 224,608" fill="none" stroke="black"/>
                  <path d="M 24,672 L 200,672" fill="none" stroke="black"/>
                  <path d="M 248,672 L 368,672" fill="none" stroke="black"/>
                  <path d="M 416,672 L 528,672" fill="none" stroke="black"/>
                  <path d="M 208,704 L 240,704" fill="none" stroke="black"/>
                  <path d="M 376,704 L 408,704" fill="none" stroke="black"/>
                  <path d="M 24,752 L 200,752" fill="none" stroke="black"/>
                  <path d="M 248,752 L 368,752" fill="none" stroke="black"/>
                  <path d="M 416,752 L 528,752" fill="none" stroke="black"/>
                  <path d="M 296,800 L 432,800" fill="none" stroke="black"/>
                  <path d="M 24,864 L 168,864" fill="none" stroke="black"/>
                  <path d="M 248,864 L 344,864" fill="none" stroke="black"/>
                  <path d="M 408,864 L 552,864" fill="none" stroke="black"/>
                  <path d="M 176,880 L 240,880" fill="none" stroke="black"/>
                  <path d="M 352,880 L 400,880" fill="none" stroke="black"/>
                  <path d="M 24,928 L 168,928" fill="none" stroke="black"/>
                  <path d="M 408,976 L 552,976" fill="none" stroke="black"/>
                  <path d="M 24,1024 L 192,1024" fill="none" stroke="black"/>
                  <path d="M 200,1040 L 240,1040" fill="none" stroke="black"/>
                  <path d="M 248,1056 L 344,1056" fill="none" stroke="black"/>
                  <path d="M 200,1088 L 248,1088" fill="none" stroke="black"/>
                  <path d="M 24,1104 L 192,1104" fill="none" stroke="black"/>
                  <path d="M 416,1152 L 544,1152" fill="none" stroke="black"/>
                  <path d="M 416,1216 L 544,1216" fill="none" stroke="black"/>
                  <path d="M 296,1280 L 552,1280" fill="none" stroke="black"/>
                  <path d="M 296,1328 L 552,1328" fill="none" stroke="black"/>
                  <path d="M 24,1392 L 176,1392" fill="none" stroke="black"/>
                  <path d="M 296,1392 L 552,1392" fill="none" stroke="black"/>
                  <path d="M 248,1424 L 288,1424" fill="none" stroke="black"/>
                  <path d="M 24,1520 L 176,1520" fill="none" stroke="black"/>
                  <path d="M 296,1520 L 552,1520" fill="none" stroke="black"/>
                  <path d="M 8,1552 L 80,1552" fill="none" stroke="black"/>
                  <path d="M 96,1552 L 568,1552" fill="none" stroke="black"/>
                  <path d="M 8,1600 L 80,1600" fill="none" stroke="black"/>
                  <path d="M 96,1600 L 568,1600" fill="none" stroke="black"/>
                  <path d="M 24,1648 L 480,1648" fill="none" stroke="black"/>
                  <path d="M 24,1696 L 480,1696" fill="none" stroke="black"/>
                  <path d="M 8,1728 L 80,1728" fill="none" stroke="black"/>
                  <path d="M 96,1728 L 568,1728" fill="none" stroke="black"/>
                  <path d="M 16,1904 L 168,1904" fill="none" stroke="black"/>
                  <path d="M 16,1936 L 168,1936" fill="none" stroke="black"/>
                  <path d="M 8,2080 L 80,2080" fill="none" stroke="black"/>
                  <path d="M 96,2080 L 416,2080" fill="none" stroke="black"/>
                  <path d="M 24,2128 L 392,2128" fill="none" stroke="black"/>
                  <path d="M 24,2176 L 392,2176" fill="none" stroke="black"/>
                  <path d="M 24,2240 L 384,2240" fill="none" stroke="black"/>
                  <path d="M 24,2288 L 384,2288" fill="none" stroke="black"/>
                  <path d="M 8,2320 L 80,2320" fill="none" stroke="black"/>
                  <path d="M 96,2320 L 416,2320" fill="none" stroke="black"/>
                  <path d="M 16,2496 L 152,2496" fill="none" stroke="black"/>
                  <path d="M 16,2544 L 152,2544" fill="none" stroke="black"/>
                  <polygon class="arrowhead" points="520,1272 508,1266.4 508,1277.6" fill="black" transform="rotate(90,512,1272)"/>
                  <polygon class="arrowhead" points="520,1144 508,1138.4 508,1149.6" fill="black" transform="rotate(90,512,1144)"/>
                  <polygon class="arrowhead" points="520,856 508,850.4 508,861.6" fill="black" transform="rotate(90,512,856)"/>
                  <polygon class="arrowhead" points="416,704 404,698.4 404,709.6" fill="black" transform="rotate(0,408,704)"/>
                  <polygon class="arrowhead" points="360,880 348,874.4 348,885.6" fill="black" transform="rotate(180,352,880)"/>
                  <polygon class="arrowhead" points="328,1384 316,1378.4 316,1389.6" fill="black" transform="rotate(90,320,1384)"/>
                  <polygon class="arrowhead" points="328,1064 316,1058.4 316,1069.6" fill="black" transform="rotate(270,320,1064)"/>
                  <polygon class="arrowhead" points="304,856 292,850.4 292,861.6" fill="black" transform="rotate(90,296,856)"/>
                  <polygon class="arrowhead" points="248,1040 236,1034.4 236,1045.6" fill="black" transform="rotate(0,240,1040)"/>
                  <polygon class="arrowhead" points="248,880 236,874.4 236,885.6" fill="black" transform="rotate(0,240,880)"/>
                  <polygon class="arrowhead" points="248,704 236,698.4 236,709.6" fill="black" transform="rotate(0,240,704)"/>
                  <polygon class="arrowhead" points="208,1088 196,1082.4 196,1093.6" fill="black" transform="rotate(180,200,1088)"/>
                  <polygon class="arrowhead" points="96,2488 84,2482.4 84,2493.6" fill="black" transform="rotate(90,88,2488)"/>
                  <polygon class="arrowhead" points="96,2368 84,2362.4 84,2373.6" fill="black" transform="rotate(90,88,2368)"/>
                  <polygon class="arrowhead" points="96,2232 84,2226.4 84,2237.6" fill="black" transform="rotate(90,88,2232)"/>
                  <polygon class="arrowhead" points="96,2120 84,2114.4 84,2125.6" fill="black" transform="rotate(90,88,2120)"/>
                  <polygon class="arrowhead" points="96,1984 84,1978.4 84,1989.6" fill="black" transform="rotate(90,88,1984)"/>
                  <polygon class="arrowhead" points="96,1896 84,1890.4 84,1901.6" fill="black" transform="rotate(90,88,1896)"/>
                  <polygon class="arrowhead" points="96,1776 84,1770.4 84,1781.6" fill="black" transform="rotate(90,88,1776)"/>
                  <polygon class="arrowhead" points="96,1640 84,1634.4 84,1645.6" fill="black" transform="rotate(90,88,1640)"/>
                  <polygon class="arrowhead" points="96,1384 84,1378.4 84,1389.6" fill="black" transform="rotate(90,88,1384)"/>
                  <polygon class="arrowhead" points="96,1016 84,1010.4 84,1021.6" fill="black" transform="rotate(90,88,1016)"/>
                  <polygon class="arrowhead" points="96,856 84,850.4 84,861.6" fill="black" transform="rotate(90,88,856)"/>
                  <polygon class="arrowhead" points="96,664 84,658.4 84,669.6" fill="black" transform="rotate(90,88,664)"/>
                  <polygon class="arrowhead" points="96,344 84,338.4 84,349.6" fill="black" transform="rotate(90,88,344)"/>
                  <polygon class="arrowhead" points="96,232 84,226.4 84,237.6" fill="black" transform="rotate(90,88,232)"/>
                  <polygon class="arrowhead" points="96,136 84,130.4 84,141.6" fill="black" transform="rotate(90,88,136)"/>
                  <g class="text">
                    <text x="52" y="36">Incoming</text>
                    <text x="40" y="52">EDHOC</text>
                    <text x="104" y="52">message_X</text>
                    <text x="28" y="68">(X</text>
                    <text x="48" y="68">=</text>
                    <text x="64" y="68">2</text>
                    <text x="84" y="68">or</text>
                    <text x="108" y="68">3)</text>
                    <text x="52" y="164">Decode</text>
                    <text x="120" y="164">message_X</text>
                    <text x="60" y="260">Retrieve</text>
                    <text x="112" y="260">the</text>
                    <text x="280" y="260">(Core</text>
                    <text x="328" y="260">EDHOC</text>
                    <text x="400" y="260">Processing)</text>
                    <text x="60" y="276">protocol</text>
                    <text x="120" y="276">state</text>
                    <text x="56" y="372">Decrypt</text>
                    <text x="128" y="372">message_X</text>
                    <text x="40" y="452">Control</text>
                    <text x="120" y="452">transferred</text>
                    <text x="180" y="452">to</text>
                    <text x="24" y="468">the</text>
                    <text x="100" y="468">side-processor</text>
                    <text x="188" y="468">object</text>
                    <text x="260" y="532">Pre-verification</text>
                    <text x="348" y="532">side</text>
                    <text x="412" y="532">processing</text>
                    <text x="496" y="532">(PHASE_1)</text>
                    <text x="56" y="580">Check</text>
                    <text x="112" y="580">whether</text>
                    <text x="180" y="580">expected</text>
                    <text x="48" y="596">EAD</text>
                    <text x="88" y="596">items</text>
                    <text x="128" y="596">are</text>
                    <text x="172" y="596">absent</text>
                    <text x="44" y="692">1.</text>
                    <text x="76" y="692">Does</text>
                    <text x="136" y="692">ID_CRED_X</text>
                    <text x="220" y="692">NO</text>
                    <text x="268" y="692">3.</text>
                    <text x="316" y="692">Retrieve</text>
                    <text x="436" y="692">4.</text>
                    <text x="460" y="692">Is</text>
                    <text x="488" y="692">the</text>
                    <text x="44" y="708">or</text>
                    <text x="68" y="708">an</text>
                    <text x="96" y="708">EAD</text>
                    <text x="132" y="708">item</text>
                    <text x="276" y="708">CRED</text>
                    <text x="312" y="708">via</text>
                    <text x="464" y="708">retrieval</text>
                    <text x="56" y="724">point</text>
                    <text x="92" y="724">to</text>
                    <text x="116" y="724">an</text>
                    <text x="160" y="724">already</text>
                    <text x="296" y="724">ID_CRED_X</text>
                    <text x="348" y="724">or</text>
                    <text x="436" y="724">of</text>
                    <text x="468" y="724">CRED</text>
                    <text x="60" y="740">stored</text>
                    <text x="112" y="740">CRED?</text>
                    <text x="268" y="740">an</text>
                    <text x="296" y="740">EAD</text>
                    <text x="332" y="740">item</text>
                    <text x="472" y="740">successful?</text>
                    <text x="452" y="788">NO</text>
                    <text x="536" y="788">YES</text>
                    <text x="112" y="836">YES</text>
                    <text x="188" y="868">NO</text>
                    <text x="384" y="868">YES</text>
                    <text x="44" y="884">2.</text>
                    <text x="68" y="884">Is</text>
                    <text x="100" y="884">this</text>
                    <text x="140" y="884">CRED</text>
                    <text x="272" y="884">11.</text>
                    <text x="312" y="884">Abort</text>
                    <text x="428" y="884">5.</text>
                    <text x="452" y="884">Is</text>
                    <text x="480" y="884">the</text>
                    <text x="520" y="884">trust</text>
                    <text x="56" y="900">still</text>
                    <text x="104" y="900">valid</text>
                    <text x="144" y="900">and</text>
                    <text x="272" y="900">the</text>
                    <text x="312" y="900">EDHOC</text>
                    <text x="444" y="900">policy</text>
                    <text x="492" y="900">used</text>
                    <text x="68" y="916">trusted?</text>
                    <text x="288" y="916">session</text>
                    <text x="476" y="916">"NO-LEARNING",</text>
                    <text x="448" y="932">without</text>
                    <text x="496" y="932">any</text>
                    <text x="460" y="948">acceptable</text>
                    <text x="464" y="964">exceptions?</text>
                    <text x="112" y="996">YES</text>
                    <text x="404" y="1012">Here</text>
                    <text x="440" y="1012">the</text>
                    <text x="480" y="1012">trust</text>
                    <text x="532" y="1012">NO</text>
                    <text x="212" y="1028">NO</text>
                    <text x="412" y="1028">policy</text>
                    <text x="460" y="1028">used</text>
                    <text x="492" y="1028">is</text>
                    <text x="44" y="1044">9.</text>
                    <text x="68" y="1044">Is</text>
                    <text x="100" y="1044">this</text>
                    <text x="140" y="1044">CRED</text>
                    <text x="432" y="1044">"LEARNING",</text>
                    <text x="492" y="1044">or</text>
                    <text x="52" y="1060">good</text>
                    <text x="84" y="1060">to</text>
                    <text x="112" y="1060">use</text>
                    <text x="140" y="1060">in</text>
                    <text x="168" y="1060">the</text>
                    <text x="440" y="1060">"NO-LEARNING"</text>
                    <text x="64" y="1076">context</text>
                    <text x="108" y="1076">of</text>
                    <text x="140" y="1076">this</text>
                    <text x="420" y="1076">together</text>
                    <text x="476" y="1076">with</text>
                    <text x="56" y="1092">EDHOC</text>
                    <text x="116" y="1092">session?</text>
                    <text x="396" y="1092">an</text>
                    <text x="452" y="1092">overriding</text>
                    <text x="424" y="1108">exception</text>
                    <text x="436" y="1172">6.</text>
                    <text x="476" y="1172">Assess</text>
                    <text x="516" y="1172">if</text>
                    <text x="444" y="1188">CRED</text>
                    <text x="476" y="1188">is</text>
                    <text x="512" y="1188">valid</text>
                    <text x="440" y="1204">and</text>
                    <text x="488" y="1204">trusted</text>
                    <text x="112" y="1252">YES</text>
                    <text x="340" y="1252">NO</text>
                    <text x="316" y="1300">7.</text>
                    <text x="340" y="1300">Is</text>
                    <text x="372" y="1300">CRED</text>
                    <text x="416" y="1300">valid</text>
                    <text x="456" y="1300">and</text>
                    <text x="368" y="1316">(provisionally)</text>
                    <text x="468" y="1316">trusted?</text>
                    <text x="344" y="1364">YES</text>
                    <text x="48" y="1412">10.</text>
                    <text x="100" y="1412">Continue</text>
                    <text x="148" y="1412">by</text>
                    <text x="316" y="1412">8.</text>
                    <text x="352" y="1412">Store</text>
                    <text x="396" y="1412">CRED</text>
                    <text x="428" y="1412">as</text>
                    <text x="464" y="1412">valid</text>
                    <text x="504" y="1412">and</text>
                    <text x="80" y="1428">considering</text>
                    <text x="148" y="1428">this</text>
                    <text x="368" y="1428">(provisionally)</text>
                    <text x="468" y="1428">trusted.</text>
                    <text x="52" y="1444">CRED</text>
                    <text x="84" y="1444">as</text>
                    <text x="112" y="1444">the</text>
                    <text x="92" y="1460">authentication</text>
                    <text x="324" y="1460">Pair</text>
                    <text x="364" y="1460">CRED</text>
                    <text x="404" y="1460">with</text>
                    <text x="468" y="1460">consistent</text>
                    <text x="76" y="1476">credential</text>
                    <text x="348" y="1476">credential</text>
                    <text x="444" y="1476">identifiers,</text>
                    <text x="512" y="1476">for</text>
                    <text x="76" y="1492">associated</text>
                    <text x="140" y="1492">with</text>
                    <text x="324" y="1492">each</text>
                    <text x="384" y="1492">supported</text>
                    <text x="444" y="1492">type</text>
                    <text x="476" y="1492">of</text>
                    <text x="48" y="1508">the</text>
                    <text x="88" y="1508">other</text>
                    <text x="132" y="1508">peer</text>
                    <text x="348" y="1508">credential</text>
                    <text x="440" y="1508">identifier.</text>
                    <text x="252" y="1620">Pre-verification</text>
                    <text x="340" y="1620">side</text>
                    <text x="404" y="1620">processing</text>
                    <text x="488" y="1620">(PHASE_2)</text>
                    <text x="64" y="1668">Process</text>
                    <text x="112" y="1668">the</text>
                    <text x="144" y="1668">EAD</text>
                    <text x="184" y="1668">items</text>
                    <text x="228" y="1668">that</text>
                    <text x="268" y="1668">have</text>
                    <text x="304" y="1668">not</text>
                    <text x="340" y="1668">been</text>
                    <text x="400" y="1668">processed</text>
                    <text x="456" y="1668">yet</text>
                    <text x="48" y="1684">and</text>
                    <text x="84" y="1684">that</text>
                    <text x="120" y="1684">can</text>
                    <text x="148" y="1684">be</text>
                    <text x="200" y="1684">processed</text>
                    <text x="268" y="1684">before</text>
                    <text x="328" y="1684">message</text>
                    <text x="412" y="1684">verification</text>
                    <text x="40" y="1812">Control</text>
                    <text x="120" y="1812">transferred</text>
                    <text x="188" y="1812">back</text>
                    <text x="20" y="1828">to</text>
                    <text x="48" y="1828">the</text>
                    <text x="84" y="1828">core</text>
                    <text x="128" y="1828">EDHOC</text>
                    <text x="196" y="1828">processing</text>
                    <text x="52" y="1924">Verify</text>
                    <text x="120" y="1924">message_X</text>
                    <text x="200" y="1924">(Core</text>
                    <text x="248" y="1924">EDHOC</text>
                    <text x="320" y="1924">processing)</text>
                    <text x="40" y="2020">Control</text>
                    <text x="120" y="2020">transferred</text>
                    <text x="180" y="2020">to</text>
                    <text x="24" y="2036">the</text>
                    <text x="100" y="2036">side-processor</text>
                    <text x="188" y="2036">object</text>
                    <text x="248" y="2100">Post-verification</text>
                    <text x="364" y="2100">processing</text>
                    <text x="64" y="2148">Process</text>
                    <text x="112" y="2148">the</text>
                    <text x="144" y="2148">EAD</text>
                    <text x="184" y="2148">items</text>
                    <text x="228" y="2148">that</text>
                    <text x="268" y="2148">have</text>
                    <text x="300" y="2148">to</text>
                    <text x="324" y="2148">be</text>
                    <text x="72" y="2164">processed</text>
                    <text x="140" y="2164">(also)</text>
                    <text x="192" y="2164">after</text>
                    <text x="248" y="2164">message</text>
                    <text x="332" y="2164">verification</text>
                    <text x="52" y="2260">Make</text>
                    <text x="88" y="2260">all</text>
                    <text x="120" y="2260">the</text>
                    <text x="168" y="2260">results</text>
                    <text x="212" y="2260">of</text>
                    <text x="240" y="2260">the</text>
                    <text x="272" y="2260">EAD</text>
                    <text x="332" y="2260">processing</text>
                    <text x="72" y="2276">available</text>
                    <text x="124" y="2276">to</text>
                    <text x="160" y="2276">build</text>
                    <text x="200" y="2276">the</text>
                    <text x="236" y="2276">next</text>
                    <text x="280" y="2276">EDHOC</text>
                    <text x="336" y="2276">message</text>
                    <text x="40" y="2404">Control</text>
                    <text x="120" y="2404">transferred</text>
                    <text x="188" y="2404">back</text>
                    <text x="20" y="2420">to</text>
                    <text x="48" y="2420">the</text>
                    <text x="84" y="2420">core</text>
                    <text x="128" y="2420">EDHOC</text>
                    <text x="196" y="2420">processing</text>
                    <text x="56" y="2516">Advance</text>
                    <text x="104" y="2516">the</text>
                    <text x="184" y="2516">(Core</text>
                    <text x="232" y="2516">EDHOC</text>
                    <text x="304" y="2516">processing)</text>
                    <text x="60" y="2532">protocol</text>
                    <text x="120" y="2532">state</text>
                  </g>
                </svg>
              </artwork>
              <artwork type="ascii-art" align="center"><![CDATA[
  Incoming
  EDHOC message_X
  (X = 2 or 3)

          |
          |
          v
 +-------------------+  ---+
 | Decode message_X  |     |
 +-------------------+     |
          |                |
          |                |
          v                |
 +-------------------+     |
 | Retrieve the      |     +--- (Core EDHOC Processing)
 | protocol state    |     |
 +-------------------+     |
          |                |
          |                |
          v                |
 +-------------------+     |
 | Decrypt message_X |     |
 +-------------------+  ---+
          |
          |

 Control transferred to
 the side-processor object

          |
+---------|-----------------------------------------------------------+
|         |             Pre-verification side processing (PHASE_1)    |
|         |                                                           |
| +------------------------+                                          |
| | Check whether expected |                                          |
| | EAD items are absent   |                                          |
| +------------------------+                                          |
|         |                                                           |
|         |                                                           |
|         v                                                           |
| +---------------------+     +--------------+     +-------------+    |
| | 1. Does ID_CRED_X   | NO  | 3. Retrieve  |     | 4. Is the   |    |
| | or an EAD item      |---->| CRED via     |---->| retrieval   |    |
| | point to an already |     | ID_CRED_X or |     | of CRED     |    |
| | stored CRED?        |     | an EAD item  |     | successful? |    |
| +---------------------+     +--------------+     +-------------+    |
|         |                                          |         |      |
|         |                                          | NO      | YES  |
|         |                         +----------------+         |      |
|         |                         |                          |      |
|         | YES                     |                          |      |
|         v                         v                          v      |
| +-----------------+ NO      +-----------+   YES +-----------------+ |
| | 2. Is this CRED |-------->| 11. Abort |<------| 5. Is the trust | |
| | still valid and |         | the EDHOC |       | policy used     | |
| | trusted?        |         | session   |       | "NO-LEARNING",  | |
| +-----------------+         |           |       | without any     | |
|         |                   |           |       | acceptable      | |
|         |                   |           |       | exceptions?     | |
|         |                   |           |       +-----------------+ |
|         | YES               |           |                    |      |
|         v                   |           |     Here the trust | NO   |
| +--------------------+ NO   |           |     policy used is |      |
| | 9. Is this CRED    |----->|           |     "LEARNING", or |      |
| | good to use in the |      +-----------+     "NO-LEARNING"  |      |
| | context of this    |               ^        together with  |      |
| | EDHOC session?     |<-----+        |        an overriding  |      |
| +--------------------+      |        |        exception      |      |
|         |                   |        |                       |      |
|         |                   |        |                       v      |
|         |                   |        |           +---------------+  |
|         |                   |        |           | 6. Assess if  |  |
|         |                   |        |           | CRED is valid |  |
|         |                   |        |           | and trusted   |  |
|         |                   |        |           +---------------+  |
|         |                   |        |                       |      |
|         | YES               |        | NO                    |      |
|         |                   |        |                       v      |
|         |                   |     +-------------------------------+ |
|         |                   |     | 7. Is CRED valid and          | |
|         |                   |     | (provisionally) trusted?      | |
|         |                   |     +-------------------------------+ |
|         |                   |        |                              |
|         |                   |        | YES                          |
|         v                   |        v                              |
| +------------------+        |     +-------------------------------+ |
| | 10. Continue by  |        |     | 8. Store CRED as valid and    | |
| | considering this |        +-----| (provisionally) trusted.      | |
| | CRED as the      |              |                               | |
| | authentication   |              | Pair CRED with consistent     | |
| | credential       |              | credential identifiers, for   | |
| | associated with  |              | each supported type of        | |
| | the other peer   |              | credential identifier.        | |
| +------------------+              +-------------------------------+ |
|         |                                                           |
+---------|-----------------------------------------------------------+
          |
          |
+---------|-----------------------------------------------------------+
|         |            Pre-verification side processing (PHASE_2)     |
|         v                                                           |
| +--------------------------------------------------------+          |
| | Process the EAD items that have not been processed yet |          |
| | and that can be processed before message verification  |          |
| +--------------------------------------------------------+          |
|         |                                                           |
+---------|-----------------------------------------------------------+
          |
          |
          v

 Control transferred back
 to the core EDHOC processing

          |
          |
          v
 +------------------+
 | Verify message_X | (Core EDHOC processing)
 +------------------+
          |
          |
          v

 Control transferred to
 the side-processor object

          |
+---------|----------------------------------------+
|         |           Post-verification processing |
|         v                                        |
| +---------------------------------------------+  |
| | Process the EAD items that have to be       |  |
| | processed (also) after message verification |  |
| +---------------------------------------------+  |
|         |                                        |
|         |                                        |
|         v                                        |
| +--------------------------------------------+   |
| | Make all the results of the EAD processing |   |
| | available to build the next EDHOC message  |   |
| +--------------------------------------------+   |
|         |                                        |
+---------|----------------------------------------+
          |
          |
          v

 Control transferred back
 to the core EDHOC processing

          |
          |
          v
 +----------------+
 | Advance the    | (Core EDHOC processing)
 | protocol state |
 +----------------+
]]></artwork>
            </artset>
          </figure>
        </section>
      </section>
      <section anchor="sec-consistency-checks-auth-creds">
        <name>Consistency Checks of Authentication Credentials from ID_CRED and EAD Items</name>
        <t>Typically, an EDHOC peer specifies its associated authentication credential (by value or by reference) only in the ID_CRED field of EDHOC message_2 (if acting as Responder) or EDHOC message_3 (if acting as Initiator).</t>
        <t>In addition to that, there may be cases where an EDHOC peer provides the authentication credential also in an EAD item. In particular, such an EAD item can specify a cryptographically protected "envelope" (by value or by reference), which in turn specifies the authentication credential (by value or by reference).</t>
        <t>A case in point is the EDHOC and OSCORE profile of the ACE framework <xref target="I-D.ietf-ace-edhoc-oscore-profile"/>, where the envelope in question is an access token issued to the ACE client. In such a case, the ACE client can rely on an EAD item specifying the access token, which in turn specifies the authentication credential (by value or by reference) associated with the client.</t>
        <t>During an EDHOC session, an EDHOC peer P1 might therefore receive the authentication credential CRED associated with the other EDHOC peer P2 as specified by two items:</t>
        <ul spacing="normal">
          <li>
            <t>ITEM_A: the ID_CRED field specifying CRED. If P2 acts as Initiator (Responder), then ITEM_A is the ID_CRED_I (ID_CRED_R) field.</t>
          </li>
          <li>
            <t>ITEM_B: the envelope specified in an EAD item within an EDHOC message sent by P2.</t>
          </li>
        </ul>
        <t>As part of the process where P1 validates CRED during the EDHOC session, P1 must check that both ITEM_A and ITEM_B specify the same authentication credential, and it must abort the EDHOC session if such a consistency check fails.</t>
        <t>The consistency check is successful only if one of the following conditions holds, and it fails otherwise:</t>
        <ul spacing="normal">
          <li>
            <t>If both ITEM_A and ITEM_B specify an authentication credential by value, then both ITEM_A and ITEM_B specify the same value.</t>
          </li>
          <li>
            <t>If one among ITEM_A and ITEM_B specifies an authentication credential by value VALUE while the other one specifies an authentication credential by reference REF, then REF is a valid reference for VALUE.</t>
          </li>
          <li>
            <t>If ITEM_A specifies an authentication credential by reference REF_A and ITEM_B specifies an authentication credential by reference REF_B, then REF_A or REF_B allows to retrieving the value VALUE of an authentication credential from a local or remote storage, such that both REF_A and REF_B are a valid reference for VALUE.</t>
          </li>
        </ul>
        <t>The peer P1 performs the consistency check above as soon as it has both ITEM_A and ITEM_B available. If P1 acts as Responder, that is the case when processing the incoming EDHOC message_3. If P1 acts as Initiator, that is the case when processing the incoming EDHOC message_2 or message_4, i.e., whichever of the two messages includes ITEM_B in an EAD item of its EAD field.</t>
      </section>
    </section>
    <section anchor="sec-block-wise">
      <name>Using EDHOC over CoAP with Block-Wise</name>
      <t><xref section="A.2" sectionFormat="of" target="RFC9528"/> specifies how to transfer EDHOC over CoAP <xref target="RFC7252"/>. In such a case, EDHOC messages (possibly prepended by an EDHOC connection identifier) are transported in the payload of CoAP requests and responses, according to the EDHOC forward message flow or the EDHOC reverse message flow. Furthermore, <xref section="A.1" sectionFormat="of" target="RFC9528"/> specifies how to derive an OSCORE Security Context <xref target="RFC8613"/> from an EDHOC session.</t>
      <t>Building on that, <xref target="RFC9668"/> further details the use of EDHOC with CoAP and OSCORE. In particular, it specifies an optimization approach for the EDHOC forward message flow that combines the EDHOC execution with the first subsequent OSCORE transaction. This is achieved by means of an "EDHOC + OSCORE request", i.e., a single CoAP request message that conveys both EDHOC message_3 of the ongoing EDHOC session and the OSCORE-protected application data, where the latter is protected with the OSCORE Security Context derived from that EDHOC session.</t>
      <t>This section provides guidelines and recommendations for CoAP endpoints supporting Block-wise transfers for CoAP <xref target="RFC7959"/> and specifically for CoAP clients supporting the EDHOC + OSCORE request defined in <xref target="RFC9668"/>. The use of Block-wise transfers can be desirable, e.g., for EDHOC messages that include a large ID_CRED_I or ID_CRED_R, or that include a large EAD field.</t>
      <t>The following especially considers a CoAP endpoint that may perform only "inner" Block-wise, but not "outer" Block-wise operations (see <xref section="4.1.3.4" sectionFormat="of" target="RFC8613"/>). That is, the considered CoAP endpoint does not (further) split an OSCORE-protected message like an intermediary (e.g., a proxy) might do. This is the typical case for CoAP endpoints using OSCORE (see <xref section="4.1.3.4" sectionFormat="of" target="RFC8613"/>).</t>
      <section anchor="notation">
        <name>Notation</name>
        <t>The rest of this section refers to the following notation:</t>
        <ul spacing="normal">
          <li>
            <t>SIZE_BODY: the size in bytes of the data to be transmitted with CoAP. When Block-wise is used, such data is referred to as the "body" to be fragmented into blocks, each of which to be transmitted in one CoAP message.  </t>
            <t>
With the exception pertaining to EDHOC message_3 described in the following paragraph, the considered body can in general be an EDHOC message, possibly prepended by an EDHOC connection identifier encoded as per <xref section="3.3" sectionFormat="of" target="RFC9528"/>.  </t>
            <t>
When specifically using the EDHOC + OSCORE request, the considered body is the application data to be protected with OSCORE, (whose first block is) to be sent together with EDHOC message_3 as part of the EDHOC + OSCORE request.</t>
          </li>
          <li>
            <t>SIZE_EDHOC_M3: the size in bytes of EDHOC message_3, if this is sent as part of the EDHOC + OSCORE request. Otherwise, the size in bytes of EDHOC message_3, plus, if included, the size in bytes of a prepended EDHOC connection identifier encoded as per <xref section="3.3" sectionFormat="of" target="RFC9528"/>.</t>
          </li>
          <li>
            <t>SIZE_MTU: the maximum amount of transmittable bytes before having to use Block-wise. This is, for example, 64 KiB as maximum datagram size when using UDP, or 1280 bytes as the maximum size for an IPv6 MTU.</t>
          </li>
          <li>
            <t>SIZE_OH: the size in bytes of the overall overhead due to all the communication layers underlying the application. This takes into account also the overhead introduced by the OSCORE processing.</t>
          </li>
          <li>
            <t>LIMIT = (SIZE_MTU - SIZE_OH): the practical maximum size in bytes to be considered by the application before using Block-wise.</t>
          </li>
          <li>
            <t>SIZE_BLOCK: the size in bytes of inner blocks.</t>
          </li>
          <li>
            <t>ceil(): the ceiling function.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-block-wise-pre-req">
        <name>Pre-requirements for the EDHOC + OSCORE Request</name>
        <t>Before sending an EDHOC + OSCORE request, a CoAP client has to perform the following checks. Note that, while the CoAP client is able to fragment the plain application data before any OSCORE processing, it cannot fragment the EDHOC + OSCORE request or the EDHOC message_3 added therein.</t>
        <ul spacing="normal">
          <li>
            <t>If inner Block-wise is not used, hence SIZE_BODY &lt;= LIMIT, the CoAP client must verify whether all the following conditions hold:  </t>
            <ul spacing="normal">
              <li>
                <t>COND1: SIZE_EDHOC_M3 &lt;= LIMIT</t>
              </li>
              <li>
                <t>COND2: (SIZE_BODY + SIZE_EDHOC_M3) &lt;= LIMIT</t>
              </li>
            </ul>
          </li>
          <li>
            <t>If inner Block-wise is used, the CoAP client must verify whether all the following conditions hold:  </t>
            <ul spacing="normal">
              <li>
                <t>COND3: SIZE_EDHOC_M3 &lt;= LIMIT</t>
              </li>
              <li>
                <t>COND4: (SIZE_BLOCK + SIZE_EDHOC_M3) &lt;= LIMIT</t>
              </li>
            </ul>
          </li>
        </ul>
        <t>In either case, if not all the corresponding conditions hold, the CoAP client should not send the EDHOC + OSCORE request. Instead, the CoAP client can continue by switching to the purely sequential, original EDHOC workflow (see <xref section="A.2.1" sectionFormat="of" target="RFC9528"/>). That is, the CoAP client first sends EDHOC message_3 prepended by the EDHOC Connection Identifier C_R encoded as per <xref section="3.3" sectionFormat="of" target="RFC9528"/> and then sends the OSCORE-protected CoAP request once the EDHOC execution is completed.</t>
      </section>
      <section anchor="effectively-using-block-wise">
        <name>Effectively Using Block-Wise</name>
        <t>In order to avoid further fragmentation at lower layers when sending an EDHOC + OSCORE request, the CoAP client has to use inner Block-wise if <em>any</em> of the following conditions holds:</t>
        <ul spacing="normal">
          <li>
            <t>COND5: SIZE_BODY &gt; LIMIT</t>
          </li>
          <li>
            <t>COND6: (SIZE_BODY + SIZE_EDHOC_M3) &gt; LIMIT</t>
          </li>
        </ul>
        <t>In particular, consistent with <xref target="sec-block-wise-pre-req"/>, the SIZE_BLOCK used has to be such that the following condition also holds:</t>
        <ul spacing="normal">
          <li>
            <t>COND7: (SIZE_BLOCK + SIZE_EDHOC_M3) &lt;= LIMIT</t>
          </li>
        </ul>
        <t>Note that the CoAP client might still use Block-wise due to reasons different from exceeding the size indicated by LIMIT.</t>
        <t>The following shows the number of round trips for completing both the EDHOC execution and the first OSCORE-protected exchange, under the assumption that the exchange of EDHOC message_1 and EDHOC message_2 does not result in using Block-wise.</t>
        <t>If <em>both</em> the conditions COND5 and COND6 hold, the use of Block-wise results in the following number of round trips experienced by the CoAP client.</t>
        <ul spacing="normal">
          <li>
            <t>If the original EDHOC execution workflow is used (see <xref section="A.2.1" sectionFormat="of" target="RFC9528"/>), the number of round trips RT_ORIG is equal to 1 + ceil(SIZE_EDHOC_M3 / SIZE_BLOCK) + ceil(SIZE_BODY / SIZE_BLOCK).</t>
          </li>
          <li>
            <t>If the optimized EDHOC execution workflow is used (see <xref section="3" sectionFormat="of" target="RFC9668"/>), the number of round trips RT_COMB is equal to 1 + ceil(SIZE_BODY / SIZE_BLOCK).</t>
          </li>
        </ul>
        <t>It follows that RT_COMB &lt; RT_ORIG, i.e., the optimized EDHOC execution workflow always yields a lower number of round trips.</t>
        <t>Instead, the convenience of using the optimized EDHOC execution workflow becomes questionable if <em>both</em> the following conditions hold:</t>
        <ul spacing="normal">
          <li>
            <t>COND8: SIZE_BODY &lt;= LIMIT</t>
          </li>
          <li>
            <t>COND9: (SIZE_BODY + SIZE_EDHOC_M3) &gt; LIMIT</t>
          </li>
        </ul>
        <t>That is, since SIZE_BODY &lt;= LIMIT, using Block-wise would not be required when using the original EDHOC execution workflow, provided that SIZE_EDHOC_M3 &lt;= LIMIT still holds.</t>
        <t>At the same time, using the combined workflow is in itself what actually triggers the use of Block-wise, since (SIZE_BODY + SIZE_EDHOC_M3) &gt; LIMIT.</t>
        <t>Therefore, the following round trips are experienced by the CoAP client.</t>
        <ul spacing="normal">
          <li>
            <t>The original EDHOC execution workflow run without using Block-wise results in a number of round trips RT_ORIG equal to 3.</t>
          </li>
          <li>
            <t>The optimized EDHOC execution workflow run using Block-wise results in a number of round trips RT_COMB equal to 1 + ceil(SIZE_BODY / SIZE_BLOCK).</t>
          </li>
        </ul>
        <t>It follows that RT_COMB &gt;= RT_ORIG, i.e., the optimized EDHOC execution workflow might still be not worse than the original EDHOC execution workflow in terms of round trips. This is the case only if the SIZE_BLOCK used is such that ceil(SIZE_BODY / SIZE_BLOCK) is equal to 2, i.e., the plain application data is fragmented into only 2 inner blocks, and thus the EDHOC + OSCORE request is followed by only one more request message transporting the last block of the body.</t>
        <t>However, even in such a case, there would be no advantage in terms of round trips compared to the original workflow, while still requiring the CoAP client and the CoAP server to perform the processing due to using the EDHOC + OSCORE request and Block-wise transferring.</t>
        <t>Therefore, if both the conditions COND8 and COND9 hold, the CoAP client should not send the EDHOC + OSCORE request. Instead, the CoAP client should continue by switching to the original EDHOC execution workflow. That is, the CoAP client first sends EDHOC message_3 prepended by the EDHOC Connection Identifier C_R encoded as per <xref section="3.3" sectionFormat="of" target="RFC9528"/> and then sends the OSCORE-protected CoAP request once the EDHOC execution is completed.</t>
      </section>
    </section>
    <section anchor="operational-considerations">
      <name>Operational Considerations</name>
      <t>There are no new operations or manageability requirements introduced by this document, which provides considerations for implementers of the EDHOC protocol and does not update the protocol or introduce extensions thereof.</t>
    </section>
    <section anchor="sec-security-considerations">
      <name>Security Considerations</name>
      <t>This document provides considerations for implementations of the EDHOC protocol. The security considerations compiled in <xref section="9" sectionFormat="of" target="RFC9528"/> and in <xref section="7" sectionFormat="of" target="RFC9668"/> apply. The compliance requirements for implementations that are listed in <xref section="8" sectionFormat="of" target="RFC9528"/> also apply.</t>
      <t>It is foreseeable that the EDHOC protocol will be extended (e.g., in terms of new cipher suites, new methods, and new types of authentication credentials) and that external security applications will be integrated into EDHOC by embedding the transport of their data in EDHOC EAD items. For implementations that support such extensions and external applications, the related security considerations and compliance requirements also apply.</t>
      <section anchor="assessing-the-correctness-of-implementations">
        <name>Assessing the Correctness of Implementations</name>
        <t>Tools relying on fuzz testing such as EDHOC-Fuzzer <xref target="EDHOC-Fuzzer"/> can help assess the correctness of implementations of the EDHOC protocol and of external security applications integrated into EDHOC.</t>
        <t>Such tools help finding and amending implementation errors especially related to the following points:</t>
        <ul spacing="normal">
          <li>
            <t>Non-conformance with the protocol specification (e.g., unintended deviations in performing the protocol steps), which can be a potential source of security vulnerabilities in addition to performance deficiencies.</t>
          </li>
          <li>
            <t>Presence of inappropriate states and state transitions in the modeling of the EDHOC execution, e.g., states that are impossible to reach and traverse or that are not part of the protocol specification (which is a particular case of non-conformance).  </t>
            <t>
These states and transitions should be amended or removed, in order to reduce the memory footprint and code complexity and to simplify the implementation, thus reducing the risks of bugs and related security vulnerabilities.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document has no actions for IANA.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC7959">
          <front>
            <title>Block-Wise Transfers in the Constrained Application Protocol (CoAP)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="Z. Shelby" initials="Z." role="editor" surname="Shelby"/>
            <date month="August" year="2016"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a RESTful transfer protocol for constrained nodes and networks. Basic CoAP messages work well for small payloads from sensors and actuators; however, applications will need to transfer larger payloads occasionally -- for instance, for firmware updates. In contrast to HTTP, where TCP does the grunt work of segmenting and resequencing, CoAP is based on datagram transports such as UDP or Datagram Transport Layer Security (DTLS). These transports only offer fragmentation, which is even more problematic in constrained nodes and networks, limiting the maximum size of resource representations that can practically be transferred.</t>
              <t>Instead of relying on IP fragmentation, this specification extends basic CoAP with a pair of "Block" options for transferring multiple blocks of information from a resource representation in multiple request-response pairs. In many important cases, the Block options enable a server to be truly stateless: the server can handle each block transfer separately, with no need for a connection setup or other server-side memory of previous block transfers. Essentially, the Block options provide a minimal way to transfer larger representations in a block-wise fashion.</t>
              <t>A CoAP implementation that does not support these options generally is limited in the size of the representations that can be exchanged, so there is an expectation that the Block options will be widely used in CoAP implementations. Therefore, this specification updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7959"/>
          <seriesInfo name="DOI" value="10.17487/RFC7959"/>
        </reference>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <reference anchor="RFC9528">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <date month="March" year="2024"/>
            <abstract>
              <t>This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios, and a main use case is to establish an Object Security for Constrained RESTful Environments (OSCORE) security context. By reusing CBOR Object Signing and Encryption (COSE) for cryptography, Concise Binary Object Representation (CBOR) for encoding, and Constrained Application Protocol (CoAP) for transport, the additional code size can be kept very low.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9528"/>
          <seriesInfo name="DOI" value="10.17487/RFC9528"/>
        </reference>
        <reference anchor="RFC9668">
          <front>
            <title>Using Ephemeral Diffie-Hellman Over COSE (EDHOC) with the Constrained Application Protocol (CoAP) and Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="M. Tiloca" initials="M." surname="Tiloca"/>
            <author fullname="R. Höglund" initials="R." surname="Höglund"/>
            <author fullname="S. Hristozov" initials="S." surname="Hristozov"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <date month="November" year="2024"/>
            <abstract>
              <t>The lightweight authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC) can be run over the Constrained Application Protocol (CoAP) and used by two peers to establish a Security Context for the security protocol Object Security for Constrained RESTful Environments (OSCORE). This document details this use of the EDHOC protocol by specifying a number of additional and optional mechanisms, including an optimization approach for combining the execution of EDHOC with the first OSCORE transaction. This combination reduces the number of round trips required to set up an OSCORE Security Context and to complete an OSCORE transaction using that Security Context.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9668"/>
          <seriesInfo name="DOI" value="10.17487/RFC9668"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC2986">
          <front>
            <title>PKCS #10: Certification Request Syntax Specification Version 1.7</title>
            <author fullname="M. Nystrom" initials="M." surname="Nystrom"/>
            <author fullname="B. Kaliski" initials="B." surname="Kaliski"/>
            <date month="November" year="2000"/>
            <abstract>
              <t>This memo represents a republication of PKCS #10 v1.7 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this document, except for the security considerations section, is taken directly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document. This memo provides information for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="2986"/>
          <seriesInfo name="DOI" value="10.17487/RFC2986"/>
        </reference>
        <reference anchor="RFC5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper"/>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="S. Farrell" initials="S." surname="Farrell"/>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen"/>
            <author fullname="R. Housley" initials="R." surname="Housley"/>
            <author fullname="W. Polk" initials="W." surname="Polk"/>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="RFC6960">
          <front>
            <title>X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP</title>
            <author fullname="S. Santesson" initials="S." surname="Santesson"/>
            <author fullname="M. Myers" initials="M." surname="Myers"/>
            <author fullname="R. Ankney" initials="R." surname="Ankney"/>
            <author fullname="A. Malpani" initials="A." surname="Malpani"/>
            <author fullname="S. Galperin" initials="S." surname="Galperin"/>
            <author fullname="C. Adams" initials="C." surname="Adams"/>
            <date month="June" year="2013"/>
            <abstract>
              <t>This document specifies a protocol useful in determining the current status of a digital certificate without requiring Certificate Revocation Lists (CRLs). Additional mechanisms addressing PKIX operational requirements are specified in separate documents. This document obsoletes RFCs 2560 and 6277. It also updates RFC 5912.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6960"/>
          <seriesInfo name="DOI" value="10.17487/RFC6960"/>
        </reference>
        <reference anchor="RFC9200">
          <front>
            <title>Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9200"/>
          <seriesInfo name="DOI" value="10.17487/RFC9200"/>
        </reference>
        <reference anchor="I-D.ietf-ace-edhoc-oscore-profile">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC) and Object Security for Constrained Environments (OSCORE) Profile for Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE</organization>
            </author>
            <date day="1" month="March" year="2026"/>
            <abstract>
              <t>   This document specifies a profile for the Authentication and
   Authorization for Constrained Environments (ACE) framework.  It
   utilizes Ephemeral Diffie-Hellman Over COSE (EDHOC) for achieving
   mutual authentication between an ACE-OAuth client and resource
   server, and it binds an authentication credential of the client to an
   ACE-OAuth access token.  EDHOC also establishes an Object Security
   for Constrained RESTful Environments (OSCORE) Security Context, which
   is used to secure communications between the client and resource
   server when accessing protected resources according to the
   authorization information indicated in the access token.  This
   profile can be used to delegate management of authorization
   information from a resource-constrained server to a trusted host with
   less severe limitations regarding processing power and memory.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-edhoc-oscore-profile-10"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-key-update">
          <front>
            <title>Key Update for OSCORE (KUDOS)</title>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   Communications with the Constrained Application Protocol (CoAP) can
   be protected end-to-end at the application-layer by using the
   security protocol Object Security for Constrained RESTful
   Environments (OSCORE).  Under some circumstances, two CoAP endpoints
   need to update their OSCORE keying material before communications can
   securely continue, e.g., due to approaching key usage limits.  This
   document defines Key Update for OSCORE (KUDOS), a lightweight key
   update procedure that two CoAP endpoints can use to update their
   OSCORE keying material by establishing a new OSCORE Security Context.
   Accordingly, this document updates the use of the OSCORE flag bits in
   the CoAP OSCORE Option as well as the protection of CoAP response
   messages with OSCORE.  Also, it deprecates the key update procedure
   specified in Appendix B.2 of RFC 8613.  Therefore, this document
   updates RFC 8613.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-key-update-13"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-key-limits">
          <front>
            <title>Key Usage Limits for OSCORE</title>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="7" month="January" year="2026"/>
            <abstract>
              <t>   Object Security for Constrained RESTful Environments (OSCORE) uses
   AEAD algorithms to ensure confidentiality and integrity of exchanged
   messages.  Due to known issues allowing forgery attacks against AEAD
   algorithms, limits should be followed regarding the number of times a
   specific key is used for encryption or decryption.  Among other
   reasons, approaching key usage limits requires updating the OSCORE
   keying material before communications can securely continue.  This
   document defines how two OSCORE peers can follow these key usage
   limits and what steps they should take to preserve the security of
   their communications.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-key-limits-06"/>
        </reference>
        <reference anchor="I-D.ietf-cose-cbor-encoded-cert">
          <front>
            <title>CBOR Encoded X.509 Certificates (C509 Certificates)</title>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Shahid Raza" initials="S." surname="Raza">
              <organization>University of Glasgow</organization>
            </author>
            <author fullname="Joel Höglund" initials="J." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Martin Furuhed" initials="M." surname="Furuhed">
              <organization>IN Groupe</organization>
            </author>
            <author fullname="Lijun Liao" initials="L." surname="Liao">
              <organization>NIO</organization>
            </author>
            <date day="30" month="June" year="2026"/>
            <abstract>
              <t>   This document specifies a CBOR encoding of X.509 certificates.  The
   resulting certificates are called C509 certificates.  The CBOR
   encoding supports a large subset of RFC 5280 and common certificate
   profiles, and it is extensible.

   Two types of C509 certificates are defined.  One type is an
   invertible CBOR re-encoding of DER-encoded X.509 certificates with
   the signature field copied from the DER encoding.  The other type is
   identical except that the signature is computed over the CBOR
   encoding instead of the DER encoding, thereby avoiding the use of
   ASN.1.  Both types of certificates have the same semantics as X.509
   while providing comparable size reduction.

   This document also specifies CBOR-encoded data structures for
   certification requests and certification request templates, new COSE
   headers, as well as a TLS certificate type and a file format for
   C509.  This document updates RFC 6698 by extending the TLSA selectors
   registry to include C509 certificates.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cose-cbor-encoded-cert-20"/>
        </reference>
        <reference anchor="I-D.ietf-lake-authz">
          <front>
            <title>Lightweight Authorization using Ephemeral Diffie-Hellman Over COSE (ELA)</title>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Mališa Vučinić" initials="M." surname="Vučinić">
              <organization>INRIA</organization>
            </author>
            <author fullname="Geovane Fedrecheski" initials="G." surname="Fedrecheski">
              <organization>INRIA</organization>
            </author>
            <author fullname="Michael Richardson" initials="M." surname="Richardson">
              <organization>Sandelman Software Works</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   Ephemeral Diffie-Hellman Over COSE (EDHOC) is a lightweight
   authenticated key exchange protocol intended for use in constrained
   scenarios.  This document specifies Lightweight Authorization using
   EDHOC (ELA).  The procedure allows authorizing enrollment of new
   devices using the extension point defined in EDHOC.  ELA is
   applicable to zero-touch onboarding of new devices to a constrained
   network leveraging trust anchors installed at manufacture time.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lake-authz-07"/>
        </reference>
        <reference anchor="I-D.ietf-ace-workflow-and-params">
          <front>
            <title>Short Distribution Chain (SDC) Workflow and New OAuth Parameters for the Authentication and Authorization for Constrained Environments (ACE) Framework</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document updates the Authentication and Authorization for
   Constrained Environments framework (ACE, RFC 9200) as follows. (1) It
   defines the Short Distribution Chain (SDC) workflow that the
   authorization server (AS) can use for uploading an access token to a
   resource server on behalf of the client. (2) For the OAuth 2.0 token
   endpoint, it defines new parameters and encodings and it extends the
   semantics of the "ace_profile" parameter. (3) For the OAuth 2.0
   authz-info endpoint, it defines a new parameter and its encoding. (4)
   It defines how the client and the AS can coordinate on the exchange
   of the client's and resource server's public authentication
   credentials, when those can be transported by value or identified by
   reference; this extends the semantics of the "rs_cnf" parameter for
   the OAuth 2.0 token endpoint, thus updating RFC 9201. (5) It extends
   the error handling at the AS, for which it defines a new error code.
   (6) It deprecates the original payload format of error responses
   conveying an error code, when CBOR is used to encode message
   payloads.  For those responses, it defines a new payload format
   aligned with RFC 9290, thus updating in this respect also the
   profiles defined in RFC 9202, RFC 9203, and RFC 9431. (7) It amends
   two of the requirements on profiles of the framework.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-workflow-and-params-07"/>
        </reference>
        <reference anchor="I-D.ietf-lake-edhoc-psk">
          <front>
            <title>EDHOC Authenticated with Pre-Shared Keys (PSK)</title>
            <author fullname="Elsa Lopez-Perez" initials="" surname="Lopez-Perez">
              <organization>Inria</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson</organization>
            </author>
            <author fullname="Rafael Marin-Lopez" initials="R." surname="Marin-Lopez">
              <organization>University of Murcia</organization>
            </author>
            <author fullname="Francisco Lopez-Gomez" initials="F." surname="Lopez-Gomez">
              <organization>University of Murcia</organization>
            </author>
            <date day="16" month="June" year="2026"/>
            <abstract>
              <t>   This document specifies a Pre-Shared Key (PSK) authentication method
   for the Ephemeral Diffie-Hellman Over COSE (EDHOC) Lightweight
   Authenticated Key Exchange (LAKE) protocol.  The PSK method provides
   mutual authentication, ephemeral key exchange, identity protection,
   and quantum resistance while incurring lower computational costs than
   the public-key authentication methods specified for EDHOC.  It is
   suited for systems where nodes share a PSK provided out-of-band
   (external PSK) and enables efficient session resumption with less
   computational overhead when the PSK is provided from a previous EDHOC
   session (resumption PSK).  This document details the PSK message
   flow, key derivation changes, message formatting, processing, and
   security considerations.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-lake-edhoc-psk-08"/>
        </reference>
        <reference anchor="EDHOC-Fuzzer" target="https://dl.acm.org/doi/10.1145/3597926.3604922">
          <front>
            <title>EDHOC-Fuzzer: An EDHOC Protocol State Fuzzer</title>
            <author initials="K." surname="Sagonas" fullname="Konstantinos Sagonas">
              <organization/>
            </author>
            <author initials="T." surname="Typaldos" fullname="Thanasis Typaldos">
              <organization/>
            </author>
            <date year="2023" month="July" day="13"/>
          </front>
          <seriesInfo name="ISSTA 2023: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis" value=""/>
        </reference>
      </references>
    </references>
    <?line 1060?>

<section anchor="sec-message-side-processing-m1-advanced">
      <name>Foreseen Advanced Processing of Incoming EDHOC message_1</name>
      <t>As mentioned in <xref target="sec-message-side-processing-m1"/>, future developments in EDHOC and in related external security applications might rely on an EAD item in EDHOC message_1 that specifies the authentication credential CRED associated with the Initiator (by value or by reference), as wrapped in a cryptographically protected "envelope".</t>
      <t>In order to handle such a case, the processing of an incoming EDHOC message_1 as described in <xref target="sec-message-side-processing-m1"/> is extended with additional steps performed by the SPO.</t>
      <t>Such an extended side processing shares similarities with that of an incoming EDHOC message_2 or message_3 (see <xref target="sec-message-side-processing-m2-m3"/>). In particular, similarly to what is compiled in <xref target="sec-pre-verif-phase-1"/> and <xref target="sec-pre-verif-phase-2"/>, the SPO first checks whether expected EAD items are absent in message_X (see <xref target="sec-message-side-processing"/>), and then performs the following steps.</t>
      <ul spacing="normal">
        <li>
          <t>(0) The SPO checks the presence of an EAD item that specifies the authentication credential CRED associated with the Initiator (by value or by reference).  </t>
          <t>
If no such EAD item is found, the SPO moves to Step 12. Otherwise, the SPO moves to Step 1.</t>
        </li>
        <li>
          <t>(1) The SPO determines CRED based on an EAD item retrieved at Step 0.  </t>
          <t>
The EAD item can specify CRED by value or by reference, including a URI or other external reference where CRED can be retrieved from.  </t>
          <t>
If CRED is already stored, the SPO moves to Step 2. Otherwise, the SPO moves to Step 3.</t>
        </li>
        <li>
          <t>(2) The SPO determines if the stored CRED is currently trusted and valid, e.g., by verifying that CRED has not expired and has not been revoked.  </t>
          <t>
Performing such a validation might require the SPO to first process an EAD item included in message_1.  </t>
          <t>
In the case that CRED is determined to be valid, the SPO moves to Step 9. Otherwise, the SPO moves to Step 11.</t>
        </li>
        <li>
          <t>(3) The SPO attempts to retrieve CRED via an EAD item considered at Step 1. Then, the SPO moves to Step 4.</t>
        </li>
        <li>
          <t>(4) If the retrieval of CRED has succeeded, the SPO moves to Step 5. Otherwise, the SPO moves to Step 11.</t>
        </li>
        <li>
          <t>(5) If the enforced trust policy for new authentication credentials is "NO-LEARNING" and P does not admit any exceptions that are acceptable to enforce for message_1 (see <xref target="sec-policy-no-learning"/>), the SPO moves to Step 11. Otherwise, the SPO moves to Step 6.</t>
        </li>
        <li>
          <t>(6) If this step has been reached, the peer P is not already storing the retrieved CRED and, at the same time, it enforces either the trust policy "LEARNING" or the trust policy "NO-LEARNING" while also enforcing an exception acceptable for message_1 (see <xref target="sec-policy-no-learning"/>).  </t>
          <t>
Consistent with that, the SPO determines if CRED is currently valid, e.g., by verifying that CRED has not expired and has not been revoked.  </t>
          <t>
Validating CRED might require the SPO to first process an EAD item included in message_1.  </t>
          <t>
After successfully validating CRED, the peer P can typically consider CRED as ultimately trusted as well. However, there can be cases where P requires to obtain additional information before doing so.  </t>
          <t>
If such additional information can be retrieved from message_1 (e.g., from an EAD item included therein), then P uses it to assess if CRED is trusted. Otherwise, if such additional information is expected later on during the EDHOC session, it can be acceptable for P to consider CRED as provisionally trusted.  </t>
          <t>
After completing the validation and trust assessment of CRED, the SPO moves to Step 7.</t>
        </li>
        <li>
          <t>(7) If CRED has been determined valid and (provisionally) trusted, the SPO moves to Step 8. Otherwise, the SPO moves to Step 11.</t>
        </li>
        <li>
          <t>(8) The SPO stores CRED as a valid and (provisionally) trusted authentication credential associated with the other peer, together with corresponding authentication credential identifiers (see <xref target="sec-trust-models"/>). Then, the SPO moves to Step 9.</t>
        </li>
        <li>
          <t>(9) The SPO checks if CRED is fine to use in the context of the ongoing EDHOC session, also depending on the specific identity of the other peer (see Sections <xref target="RFC9528" section="3.5" sectionFormat="bare"/> and <xref target="RFC9528" section="D.2" sectionFormat="bare"/> of <xref target="RFC9528"/>).  </t>
          <t>
If this is the case, the SPO moves to Step 10. Otherwise, the SPO moves to Step 11.</t>
        </li>
        <li>
          <t>(10) P uses CRED as authentication credential associated with the other peer in the ongoing EDHOC session. Then, the SPO moves to Step 12.</t>
        </li>
        <li>
          <t>(11) The SPO has not found a valid and (provisionally) trusted authentication credential associated with the other peer that can be used in the ongoing EDHOC session. Therefore, the EDHOC session with the other peer is aborted.</t>
        </li>
        <li>
          <t>(12) The SPO processes any EAD item included in message_1 that has not already been processed.  </t>
          <t>
Once all such EAD items have been processed, the SPO transfers control back to EDHOC. When doing so, the SPO also provides EDHOC with any produced EAD items to include in the EAD field of the next outgoing EDHOC message.</t>
        </li>
      </ul>
      <t>The flowchart in <xref target="fig-flowchart-spo-low-level-m1-advanced"/> shows the different steps taken for the advanced processing of an incoming EDHOC message_1 defined above.</t>
      <figure anchor="fig-flowchart-spo-low-level-m1-advanced">
        <name>Processing Steps for Incoming EDHOC message_1.</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="1936" width="576" viewBox="0 0 576 1936" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,400 L 8,1696" fill="none" stroke="black"/>
              <path d="M 16,128 L 16,160" fill="none" stroke="black"/>
              <path d="M 16,224 L 16,272" fill="none" stroke="black"/>
              <path d="M 16,1872 L 16,1920" fill="none" stroke="black"/>
              <path d="M 24,448 L 24,496" fill="none" stroke="black"/>
              <path d="M 24,560 L 24,608" fill="none" stroke="black"/>
              <path d="M 24,1584 L 24,1664" fill="none" stroke="black"/>
              <path d="M 32,616 L 32,1576" fill="none" stroke="black"/>
              <path d="M 56,864 L 56,928" fill="none" stroke="black"/>
              <path d="M 56,1024 L 56,1120" fill="none" stroke="black"/>
              <path d="M 56,1392 L 56,1520" fill="none" stroke="black"/>
              <path d="M 64,672 L 64,752" fill="none" stroke="black"/>
              <path d="M 88,1128 L 88,1384" fill="none" stroke="black"/>
              <path d="M 88,1528 L 88,1576" fill="none" stroke="black"/>
              <path d="M 88,1672 L 88,1744" fill="none" stroke="black"/>
              <path d="M 88,1824 L 88,1864" fill="none" stroke="black"/>
              <path d="M 96,80 L 96,120" fill="none" stroke="black"/>
              <path d="M 96,168 L 96,216" fill="none" stroke="black"/>
              <path d="M 96,280 L 96,304" fill="none" stroke="black"/>
              <path d="M 96,384 L 96,440" fill="none" stroke="black"/>
              <path d="M 96,504 L 96,552" fill="none" stroke="black"/>
              <path d="M 96,616 L 96,664" fill="none" stroke="black"/>
              <path d="M 96,760 L 96,856" fill="none" stroke="black"/>
              <path d="M 96,936 L 96,1016" fill="none" stroke="black"/>
              <path d="M 152,1872 L 152,1920" fill="none" stroke="black"/>
              <path d="M 176,128 L 176,160" fill="none" stroke="black"/>
              <path d="M 176,224 L 176,272" fill="none" stroke="black"/>
              <path d="M 192,560 L 192,608" fill="none" stroke="black"/>
              <path d="M 200,672 L 200,752" fill="none" stroke="black"/>
              <path d="M 200,864 L 200,928" fill="none" stroke="black"/>
              <path d="M 200,1024 L 200,1120" fill="none" stroke="black"/>
              <path d="M 208,1392 L 208,1520" fill="none" stroke="black"/>
              <path d="M 224,128 L 224,272" fill="none" stroke="black"/>
              <path d="M 224,448 L 224,496" fill="none" stroke="black"/>
              <path d="M 248,672 L 248,736" fill="none" stroke="black"/>
              <path d="M 248,864 L 248,1056" fill="none" stroke="black"/>
              <path d="M 248,1088 L 248,1424" fill="none" stroke="black"/>
              <path d="M 296,800 L 296,856" fill="none" stroke="black"/>
              <path d="M 296,1280 L 296,1328" fill="none" stroke="black"/>
              <path d="M 296,1392 L 296,1520" fill="none" stroke="black"/>
              <path d="M 320,1064 L 320,1272" fill="none" stroke="black"/>
              <path d="M 320,1336 L 320,1384" fill="none" stroke="black"/>
              <path d="M 344,864 L 344,1056" fill="none" stroke="black"/>
              <path d="M 360,672 L 360,736" fill="none" stroke="black"/>
              <path d="M 408,864 L 408,976" fill="none" stroke="black"/>
              <path d="M 416,672 L 416,752" fill="none" stroke="black"/>
              <path d="M 424,1152 L 424,1216" fill="none" stroke="black"/>
              <path d="M 432,760 L 432,800" fill="none" stroke="black"/>
              <path d="M 512,760 L 512,856" fill="none" stroke="black"/>
              <path d="M 512,984 L 512,1144" fill="none" stroke="black"/>
              <path d="M 512,1224 L 512,1272" fill="none" stroke="black"/>
              <path d="M 520,1584 L 520,1664" fill="none" stroke="black"/>
              <path d="M 528,672 L 528,752" fill="none" stroke="black"/>
              <path d="M 552,864 L 552,976" fill="none" stroke="black"/>
              <path d="M 552,1152 L 552,1216" fill="none" stroke="black"/>
              <path d="M 552,1280 L 552,1328" fill="none" stroke="black"/>
              <path d="M 552,1392 L 552,1520" fill="none" stroke="black"/>
              <path d="M 568,400 L 568,1696" fill="none" stroke="black"/>
              <path d="M 16,128 L 176,128" fill="none" stroke="black"/>
              <path d="M 200,128 L 224,128" fill="none" stroke="black"/>
              <path d="M 16,160 L 176,160" fill="none" stroke="black"/>
              <path d="M 224,192 L 248,192" fill="none" stroke="black"/>
              <path d="M 16,224 L 176,224" fill="none" stroke="black"/>
              <path d="M 16,272 L 176,272" fill="none" stroke="black"/>
              <path d="M 200,272 L 224,272" fill="none" stroke="black"/>
              <path d="M 8,400 L 88,400" fill="none" stroke="black"/>
              <path d="M 104,400 L 568,400" fill="none" stroke="black"/>
              <path d="M 24,448 L 224,448" fill="none" stroke="black"/>
              <path d="M 24,496 L 224,496" fill="none" stroke="black"/>
              <path d="M 24,560 L 192,560" fill="none" stroke="black"/>
              <path d="M 24,608 L 192,608" fill="none" stroke="black"/>
              <path d="M 64,672 L 200,672" fill="none" stroke="black"/>
              <path d="M 248,672 L 360,672" fill="none" stroke="black"/>
              <path d="M 416,672 L 528,672" fill="none" stroke="black"/>
              <path d="M 208,704 L 240,704" fill="none" stroke="black"/>
              <path d="M 368,704 L 408,704" fill="none" stroke="black"/>
              <path d="M 248,736 L 360,736" fill="none" stroke="black"/>
              <path d="M 64,752 L 200,752" fill="none" stroke="black"/>
              <path d="M 416,752 L 528,752" fill="none" stroke="black"/>
              <path d="M 296,800 L 432,800" fill="none" stroke="black"/>
              <path d="M 56,864 L 200,864" fill="none" stroke="black"/>
              <path d="M 248,864 L 344,864" fill="none" stroke="black"/>
              <path d="M 408,864 L 552,864" fill="none" stroke="black"/>
              <path d="M 208,880 L 240,880" fill="none" stroke="black"/>
              <path d="M 352,880 L 400,880" fill="none" stroke="black"/>
              <path d="M 56,928 L 200,928" fill="none" stroke="black"/>
              <path d="M 408,976 L 552,976" fill="none" stroke="black"/>
              <path d="M 56,1024 L 200,1024" fill="none" stroke="black"/>
              <path d="M 208,1040 L 240,1040" fill="none" stroke="black"/>
              <path d="M 248,1056 L 344,1056" fill="none" stroke="black"/>
              <path d="M 208,1088 L 248,1088" fill="none" stroke="black"/>
              <path d="M 56,1120 L 200,1120" fill="none" stroke="black"/>
              <path d="M 424,1152 L 552,1152" fill="none" stroke="black"/>
              <path d="M 424,1216 L 552,1216" fill="none" stroke="black"/>
              <path d="M 296,1280 L 552,1280" fill="none" stroke="black"/>
              <path d="M 296,1328 L 552,1328" fill="none" stroke="black"/>
              <path d="M 56,1392 L 208,1392" fill="none" stroke="black"/>
              <path d="M 296,1392 L 552,1392" fill="none" stroke="black"/>
              <path d="M 248,1424 L 288,1424" fill="none" stroke="black"/>
              <path d="M 56,1520 L 208,1520" fill="none" stroke="black"/>
              <path d="M 296,1520 L 552,1520" fill="none" stroke="black"/>
              <path d="M 24,1584 L 520,1584" fill="none" stroke="black"/>
              <path d="M 24,1664 L 520,1664" fill="none" stroke="black"/>
              <path d="M 8,1696 L 80,1696" fill="none" stroke="black"/>
              <path d="M 96,1696 L 568,1696" fill="none" stroke="black"/>
              <path d="M 16,1872 L 152,1872" fill="none" stroke="black"/>
              <path d="M 16,1920 L 152,1920" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="520,1272 508,1266.4 508,1277.6" fill="black" transform="rotate(90,512,1272)"/>
              <polygon class="arrowhead" points="520,1144 508,1138.4 508,1149.6" fill="black" transform="rotate(90,512,1144)"/>
              <polygon class="arrowhead" points="520,856 508,850.4 508,861.6" fill="black" transform="rotate(90,512,856)"/>
              <polygon class="arrowhead" points="416,704 404,698.4 404,709.6" fill="black" transform="rotate(0,408,704)"/>
              <polygon class="arrowhead" points="360,880 348,874.4 348,885.6" fill="black" transform="rotate(180,352,880)"/>
              <polygon class="arrowhead" points="328,1384 316,1378.4 316,1389.6" fill="black" transform="rotate(90,320,1384)"/>
              <polygon class="arrowhead" points="328,1064 316,1058.4 316,1069.6" fill="black" transform="rotate(270,320,1064)"/>
              <polygon class="arrowhead" points="304,856 292,850.4 292,861.6" fill="black" transform="rotate(90,296,856)"/>
              <polygon class="arrowhead" points="248,1040 236,1034.4 236,1045.6" fill="black" transform="rotate(0,240,1040)"/>
              <polygon class="arrowhead" points="248,880 236,874.4 236,885.6" fill="black" transform="rotate(0,240,880)"/>
              <polygon class="arrowhead" points="248,704 236,698.4 236,709.6" fill="black" transform="rotate(0,240,704)"/>
              <polygon class="arrowhead" points="216,1088 204,1082.4 204,1093.6" fill="black" transform="rotate(180,208,1088)"/>
              <polygon class="arrowhead" points="104,1016 92,1010.4 92,1021.6" fill="black" transform="rotate(90,96,1016)"/>
              <polygon class="arrowhead" points="104,856 92,850.4 92,861.6" fill="black" transform="rotate(90,96,856)"/>
              <polygon class="arrowhead" points="104,664 92,658.4 92,669.6" fill="black" transform="rotate(90,96,664)"/>
              <polygon class="arrowhead" points="104,552 92,546.4 92,557.6" fill="black" transform="rotate(90,96,552)"/>
              <polygon class="arrowhead" points="104,216 92,210.4 92,221.6" fill="black" transform="rotate(90,96,216)"/>
              <polygon class="arrowhead" points="104,120 92,114.4 92,125.6" fill="black" transform="rotate(90,96,120)"/>
              <polygon class="arrowhead" points="96,1864 84,1858.4 84,1869.6" fill="black" transform="rotate(90,88,1864)"/>
              <polygon class="arrowhead" points="96,1744 84,1738.4 84,1749.6" fill="black" transform="rotate(90,88,1744)"/>
              <polygon class="arrowhead" points="96,1576 84,1570.4 84,1581.6" fill="black" transform="rotate(90,88,1576)"/>
              <polygon class="arrowhead" points="96,1384 84,1378.4 84,1389.6" fill="black" transform="rotate(90,88,1384)"/>
              <polygon class="arrowhead" points="40,1576 28,1570.4 28,1581.6" fill="black" transform="rotate(90,32,1576)"/>
              <g class="text">
                <text x="52" y="36">Incoming</text>
                <text x="40" y="52">EDHOC</text>
                <text x="104" y="52">message_1</text>
                <text x="52" y="148">Decode</text>
                <text x="120" y="148">message_1</text>
                <text x="280" y="196">(Core</text>
                <text x="328" y="196">EDHOC</text>
                <text x="400" y="196">Processing)</text>
                <text x="60" y="244">Accepted</text>
                <text x="132" y="244">selected</text>
                <text x="52" y="260">cipher</text>
                <text x="104" y="260">suite</text>
                <text x="40" y="340">Control</text>
                <text x="120" y="340">transferred</text>
                <text x="180" y="340">to</text>
                <text x="24" y="356">the</text>
                <text x="100" y="356">side-processor</text>
                <text x="188" y="356">object</text>
                <text x="420" y="420">Side</text>
                <text x="484" y="420">processing</text>
                <text x="56" y="468">Check</text>
                <text x="112" y="468">whether</text>
                <text x="180" y="468">expected</text>
                <text x="48" y="484">EAD</text>
                <text x="88" y="484">items</text>
                <text x="128" y="484">are</text>
                <text x="172" y="484">absent</text>
                <text x="44" y="580">0.</text>
                <text x="76" y="580">Does</text>
                <text x="108" y="580">an</text>
                <text x="136" y="580">EAD</text>
                <text x="52" y="596">item</text>
                <text x="104" y="596">specify</text>
                <text x="160" y="596">CRED?</text>
                <text x="52" y="644">NO</text>
                <text x="120" y="644">YES</text>
                <text x="84" y="692">1.</text>
                <text x="116" y="692">Does</text>
                <text x="148" y="692">an</text>
                <text x="176" y="692">EAD</text>
                <text x="220" y="692">NO</text>
                <text x="268" y="692">3.</text>
                <text x="316" y="692">Retrieve</text>
                <text x="436" y="692">4.</text>
                <text x="460" y="692">Is</text>
                <text x="488" y="692">the</text>
                <text x="92" y="708">item</text>
                <text x="136" y="708">point</text>
                <text x="172" y="708">to</text>
                <text x="276" y="708">CRED</text>
                <text x="312" y="708">via</text>
                <text x="464" y="708">retrieval</text>
                <text x="84" y="724">an</text>
                <text x="128" y="724">already</text>
                <text x="268" y="724">an</text>
                <text x="296" y="724">EAD</text>
                <text x="332" y="724">item</text>
                <text x="436" y="724">of</text>
                <text x="468" y="724">CRED</text>
                <text x="100" y="740">stored</text>
                <text x="152" y="740">CRED?</text>
                <text x="472" y="740">successful?</text>
                <text x="452" y="788">NO</text>
                <text x="536" y="788">YES</text>
                <text x="120" y="836">YES</text>
                <text x="220" y="868">NO</text>
                <text x="384" y="868">YES</text>
                <text x="76" y="884">2.</text>
                <text x="100" y="884">Is</text>
                <text x="132" y="884">this</text>
                <text x="172" y="884">CRED</text>
                <text x="272" y="884">11.</text>
                <text x="312" y="884">Abort</text>
                <text x="428" y="884">5.</text>
                <text x="452" y="884">Is</text>
                <text x="480" y="884">the</text>
                <text x="520" y="884">trust</text>
                <text x="88" y="900">still</text>
                <text x="136" y="900">valid</text>
                <text x="176" y="900">and</text>
                <text x="272" y="900">the</text>
                <text x="312" y="900">EDHOC</text>
                <text x="444" y="900">policy</text>
                <text x="492" y="900">used</text>
                <text x="100" y="916">trusted?</text>
                <text x="288" y="916">session</text>
                <text x="476" y="916">"NO-LEARNING",</text>
                <text x="448" y="932">without</text>
                <text x="496" y="932">any</text>
                <text x="460" y="948">acceptable</text>
                <text x="464" y="964">exceptions?</text>
                <text x="120" y="996">YES</text>
                <text x="404" y="1012">Here</text>
                <text x="440" y="1012">the</text>
                <text x="480" y="1012">trust</text>
                <text x="532" y="1012">NO</text>
                <text x="220" y="1028">NO</text>
                <text x="412" y="1028">policy</text>
                <text x="460" y="1028">used</text>
                <text x="492" y="1028">is</text>
                <text x="76" y="1044">9.</text>
                <text x="100" y="1044">Is</text>
                <text x="132" y="1044">this</text>
                <text x="172" y="1044">CRED</text>
                <text x="432" y="1044">"LEARNING",</text>
                <text x="492" y="1044">or</text>
                <text x="84" y="1060">good</text>
                <text x="116" y="1060">to</text>
                <text x="144" y="1060">use</text>
                <text x="172" y="1060">in</text>
                <text x="440" y="1060">"NO-LEARNING"</text>
                <text x="80" y="1076">the</text>
                <text x="128" y="1076">context</text>
                <text x="172" y="1076">of</text>
                <text x="420" y="1076">together</text>
                <text x="476" y="1076">with</text>
                <text x="84" y="1092">this</text>
                <text x="128" y="1092">EDHOC</text>
                <text x="396" y="1092">an</text>
                <text x="452" y="1092">overriding</text>
                <text x="100" y="1108">session?</text>
                <text x="424" y="1108">exception</text>
                <text x="444" y="1172">6.</text>
                <text x="484" y="1172">Assess</text>
                <text x="524" y="1172">if</text>
                <text x="452" y="1188">CRED</text>
                <text x="484" y="1188">is</text>
                <text x="520" y="1188">valid</text>
                <text x="448" y="1204">and</text>
                <text x="496" y="1204">trusted</text>
                <text x="112" y="1252">YES</text>
                <text x="340" y="1252">NO</text>
                <text x="316" y="1300">7.</text>
                <text x="340" y="1300">Is</text>
                <text x="372" y="1300">CRED</text>
                <text x="416" y="1300">valid</text>
                <text x="456" y="1300">and</text>
                <text x="368" y="1316">(provisionally)</text>
                <text x="468" y="1316">trusted?</text>
                <text x="344" y="1364">YES</text>
                <text x="80" y="1412">10.</text>
                <text x="132" y="1412">Continue</text>
                <text x="180" y="1412">by</text>
                <text x="316" y="1412">8.</text>
                <text x="352" y="1412">Store</text>
                <text x="396" y="1412">CRED</text>
                <text x="428" y="1412">as</text>
                <text x="464" y="1412">valid</text>
                <text x="504" y="1412">and</text>
                <text x="112" y="1428">considering</text>
                <text x="180" y="1428">this</text>
                <text x="368" y="1428">(provisionally)</text>
                <text x="468" y="1428">trusted.</text>
                <text x="84" y="1444">CRED</text>
                <text x="116" y="1444">as</text>
                <text x="144" y="1444">the</text>
                <text x="124" y="1460">authentication</text>
                <text x="324" y="1460">Pair</text>
                <text x="364" y="1460">CRED</text>
                <text x="404" y="1460">with</text>
                <text x="468" y="1460">consistent</text>
                <text x="108" y="1476">credential</text>
                <text x="348" y="1476">credential</text>
                <text x="444" y="1476">identifiers,</text>
                <text x="512" y="1476">for</text>
                <text x="108" y="1492">associated</text>
                <text x="172" y="1492">with</text>
                <text x="324" y="1492">each</text>
                <text x="384" y="1492">supported</text>
                <text x="444" y="1492">type</text>
                <text x="476" y="1492">of</text>
                <text x="80" y="1508">the</text>
                <text x="120" y="1508">other</text>
                <text x="164" y="1508">peer</text>
                <text x="348" y="1508">credential</text>
                <text x="440" y="1508">identifier.</text>
                <text x="48" y="1604">12.</text>
                <text x="96" y="1604">Process</text>
                <text x="144" y="1604">the</text>
                <text x="176" y="1604">EAD</text>
                <text x="216" y="1604">items</text>
                <text x="260" y="1604">that</text>
                <text x="300" y="1604">have</text>
                <text x="336" y="1604">not</text>
                <text x="372" y="1604">been</text>
                <text x="432" y="1604">processed</text>
                <text x="492" y="1604">yet.</text>
                <text x="52" y="1636">Make</text>
                <text x="88" y="1636">all</text>
                <text x="120" y="1636">the</text>
                <text x="168" y="1636">results</text>
                <text x="212" y="1636">of</text>
                <text x="240" y="1636">the</text>
                <text x="272" y="1636">EAD</text>
                <text x="332" y="1636">processing</text>
                <text x="416" y="1636">available</text>
                <text x="468" y="1636">to</text>
                <text x="56" y="1652">build</text>
                <text x="96" y="1652">the</text>
                <text x="132" y="1652">next</text>
                <text x="176" y="1652">EDHOC</text>
                <text x="236" y="1652">message.</text>
                <text x="40" y="1780">Control</text>
                <text x="120" y="1780">transferred</text>
                <text x="188" y="1780">back</text>
                <text x="20" y="1796">to</text>
                <text x="48" y="1796">the</text>
                <text x="84" y="1796">core</text>
                <text x="128" y="1796">EDHOC</text>
                <text x="196" y="1796">processing</text>
                <text x="56" y="1892">Advance</text>
                <text x="104" y="1892">the</text>
                <text x="184" y="1892">(Core</text>
                <text x="232" y="1892">EDHOC</text>
                <text x="304" y="1892">processing)</text>
                <text x="60" y="1908">protocol</text>
                <text x="120" y="1908">state</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
  Incoming
  EDHOC message_1

           |
           |
           v
 +-------------------+  ---+
 | Decode message_1  |     |
 +-------------------+     |
           |               |
           |               +--- (Core EDHOC Processing)
           v               |
 +-------------------+     |
 | Accepted selected |     |
 | cipher suite      |     |
 +-------------------+  ---+
           |
           |

 Control transferred to
 the side-processor object

           |
+----------|----------------------------------------------------------+
|          |                                      Side processing     |
|          |                                                          |
| +------------------------+                                          |
| | Check whether expected |                                          |
| | EAD items are absent   |                                          |
| +------------------------+                                          |
|          |                                                          |
|          |                                                          |
|          v                                                          |
| +--------------------+                                              |
| | 0. Does an EAD     |                                              |
| | item specify CRED? |                                              |
| +--------------------+                                              |
|  |       |                                                          |
|  | NO    | YES                                                      |
|  |       v                                                          |
|  |   +----------------+     +-------------+      +-------------+    |
|  |   | 1. Does an EAD | NO  | 3. Retrieve |      | 4. Is the   |    |
|  |   | item point to  |---->| CRED via    |----->| retrieval   |    |
|  |   | an already     |     | an EAD item |      | of CRED     |    |
|  |   | stored CRED?   |     +-------------+      | successful? |    |
|  |   +----------------+                          +-------------+    |
|  |       |                                         |         |      |
|  |       |                                         | NO      | YES  |
|  |       |                        +----------------+         |      |
|  |       |                        |                          |      |
|  |       | YES                    |                          |      |
|  |       v                        v                          v      |
|  |  +-----------------+ NO  +-----------+   YES +-----------------+ |
|  |  | 2. Is this CRED |---->| 11. Abort |<------| 5. Is the trust | |
|  |  | still valid and |     | the EDHOC |       | policy used     | |
|  |  | trusted?        |     | session   |       | "NO-LEARNING",  | |
|  |  +-----------------+     |           |       | without any     | |
|  |       |                  |           |       | acceptable      | |
|  |       |                  |           |       | exceptions?     | |
|  |       |                  |           |       +-----------------+ |
|  |       | YES              |           |                    |      |
|  |       v                  |           |     Here the trust | NO   |
|  |  +-----------------+ NO  |           |     policy used is |      |
|  |  | 9. Is this CRED |---->|           |     "LEARNING", or |      |
|  |  | good to use in  |     +-----------+     "NO-LEARNING"  |      |
|  |  | the context of  |              ^        together with  |      |
|  |  | this EDHOC      |<----+        |        an overriding  |      |
|  |  | session?        |     |        |        exception      |      |
|  |  +-----------------+     |        |                       |      |
|  |      |                   |        |                       v      |
|  |      |                   |        |            +---------------+ |
|  |      |                   |        |            | 6. Assess if  | |
|  |      |                   |        |            | CRED is valid | |
|  |      |                   |        |            | and trusted   | |
|  |      |                   |        |            +---------------+ |
|  |      |                   |        |                       |      |
|  |      | YES               |        | NO                    |      |
|  |      |                   |        |                       v      |
|  |      |                   |     +-------------------------------+ |
|  |      |                   |     | 7. Is CRED valid and          | |
|  |      |                   |     | (provisionally) trusted?      | |
|  |      |                   |     +-------------------------------+ |
|  |      |                   |        |                              |
|  |      |                   |        | YES                          |
|  |      v                   |        v                              |
|  |  +------------------+    |     +-------------------------------+ |
|  |  | 10. Continue by  |    |     | 8. Store CRED as valid and    | |
|  |  | considering this |    +-----| (provisionally) trusted.      | |
|  |  | CRED as the      |          |                               | |
|  |  | authentication   |          | Pair CRED with consistent     | |
|  |  | credential       |          | credential identifiers, for   | |
|  |  | associated with  |          | each supported type of        | |
|  |  | the other peer   |          | credential identifier.        | |
|  |  +------------------+          +-------------------------------+ |
|  |      |                                                           |
|  |      |                                                           |
|  v      v                                                           |
| +-------------------------------------------------------------+     |
| | 12. Process the EAD items that have not been processed yet. |     |
| |                                                             |     |
| | Make all the results of the EAD processing available to     |     |
| | build the next EDHOC message.                               |     |
| +-------------------------------------------------------------+     |
|         |                                                           |
+---------|-----------------------------------------------------------+
          |
          |
          v

 Control transferred back
 to the core EDHOC processing

          |
          |
          v
 +----------------+
 | Advance the    | (Core EDHOC processing)
 | protocol state |
 +----------------+
]]></artwork>
        </artset>
      </figure>
    </section>
    <section anchor="sec-document-updates" removeInRFC="true">
      <name>Document Updates</name>
      <section anchor="sec-06-07">
        <name>Version -06 to -07</name>
        <ul spacing="normal">
          <li>
            <t>Discussed retention of completed EDHOC sessions.</t>
          </li>
          <li>
            <t>Discussed handling of incoming EDHOC error messages in a completed EDHOC session.</t>
          </li>
          <li>
            <t>Clarifications:  </t>
            <ul spacing="normal">
              <li>
                <t>An EAD field can include one or more EAD items.</t>
              </li>
              <li>
                <t>Use of a new EAD item in the EDHOC and OSCORE profile of ACE.</t>
              </li>
              <li>
                <t>Table summarizing expected behavior for different trust policies.</t>
              </li>
              <li>
                <t>Scope limited to authentication methods defined in RFC 9528.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Consistency alignments with draft-ietf-ace-edhoc-oscore-profile.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-05-06">
        <name>Version -05 to -06</name>
        <ul spacing="normal">
          <li>
            <t>Generalized trust assessment of authentication credentials.</t>
          </li>
          <li>
            <t>Revised discussion on the ELA procedure, based on upcoming updates expected in version -07 of draft-ietf-lake-authz.</t>
          </li>
          <li>
            <t>Added side-processing check about the absence of expected EAD items in incoming EDHOC messages.</t>
          </li>
          <li>
            <t>Added "Operational Considerations" section.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-04-05">
        <name>Version -04 to -05</name>
        <ul spacing="normal">
          <li>
            <t>Minor clarifications.</t>
          </li>
          <li>
            <t>Editorial fixes and improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-03-04">
        <name>Version -03 to -04</name>
        <ul spacing="normal">
          <li>
            <t>Clarified and re-positioned exceptions to NO-LEARNING policy.</t>
          </li>
          <li>
            <t>Added security considerations.</t>
          </li>
          <li>
            <t>Appendix on foreseen advanced processing of incoming EDHOC message_1.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-02-03">
        <name>Version -02 to -03</name>
        <ul spacing="normal">
          <li>
            <t>Consistent use of "trust policy" instead of "trust model".</t>
          </li>
          <li>
            <t>More modular presentation of trust policies and their enforcement.</t>
          </li>
          <li>
            <t>Alignment with use of EDHOC in the EDHOC and OSCORE profile of ACE.</t>
          </li>
          <li>
            <t>Note on follow-up actions for the application after EDHOC completion.</t>
          </li>
          <li>
            <t>Removed moot section on special handling when using the EDHOC and OSCORE profile of ACE.</t>
          </li>
          <li>
            <t>Consistency checks of authentication credentials from ID_CRED and EAD items.</t>
          </li>
          <li>
            <t>Updated reference.</t>
          </li>
          <li>
            <t>Clarifications and editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-01-02">
        <name>Version -01 to -02</name>
        <ul spacing="normal">
          <li>
            <t>Improved content on the EDHOC and OSCORE profile of ACE.</t>
          </li>
          <li>
            <t>Admit situation-specific exceptions to the "NO-LEARNING" policy.</t>
          </li>
          <li>
            <t>Using the EDHOC and OSCORE profile of ACE with the "NO-LEARNING" policy.</t>
          </li>
          <li>
            <t>Revised guidelines on using EDHOC with CoAP and Block-wise.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-00-01">
        <name>Version -00 to -01</name>
        <ul spacing="normal">
          <li>
            <t>Added considerations on trust policies when using the EDHOC and OSCORE profile of the ACE framework.</t>
          </li>
          <li>
            <t>Placeholder section on special processing when using the EDHOC and OSCORE profile of the ACE framework.</t>
          </li>
          <li>
            <t>Added considerations on using EDHOC with CoAP and Block-wise.</t>
          </li>
          <li>
            <t>Editorial improvements.</t>
          </li>
        </ul>
      </section>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The author sincerely thanks <contact fullname="Christian Amsüss"/>, <contact fullname="Geovane Fedrecheski"/>, <contact fullname="Rikard Höglund"/>, <contact fullname="Elsa Lopez-Perez"/>, <contact fullname="John Preuß Mattsson"/>, <contact fullname="Göran Selander"/>, <contact fullname="Brian Sipos"/>, <contact fullname="Yuxuan Song"/>, and <contact fullname="Mališa Vučinić"/> for their comments and feedback.</t>
      <t>The work on this document has been partly supported by the Sweden's Innovation Agency VINNOVA and the Celtic-Next project CYPRESS.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+1921YcV5bgO18RCz002CQWIMkWVa4ahJDF2LJYgGzXTE9p
BZmREKXMjOyISDA26td5mm+YNT/RT/NWPf81+3pucSIyQEjlrupcq8ooM+Jc
9tln3y+DwWDlcjfZWVmp83qS7SaH0/kkm2azOq3zYpbsF7MqH2Ul/atKxkWZ
HMwv4IEynSTP8/E4zwYvs8lkms6S15dZmey/PjlI1g6ev3y9v76Snp2V2WWv
QfGFlVExnKVTWMWoTMf1IM/q8WCSvssG2eiiGA5yGGYwhFfgyzqr6pVhWu8m
+WxcrFSLs2leVTBefT3HbRycvlhZyeflblKXi6refvjw6cPtlbTM0t3kJBsu
yry+Xrk6302+2/v2IPmxKN/ls/Pkm7JYzFfeXcEAszorZ1k9eI5LWVkZFiN4
YDdZwJK+WllJF/VFUe6uJIMk4SW/SsthkZzmk2KYriTwKUp4/PgQwLH3jL6o
6jLLYMGHVTr+S1GOqvO0BrBtb9OvQ1jQbvJtXtX8OkwIo54cDLaePHr0MDmp
i+G7i2IylR8Xs7qE50+uslE2o++yaZpPdpMprmOzpnX8lzLfrLKVlVlRTgHY
lxksODl+sf/l9uNt/fPp46fy51dPtnbkz6ePt7/SP588gT9XEMr+INtPv3oi
f8LTD+XPJ0+f6J9PAej45+Hg+SYdZTrUkyyqYVFmg3lZjPNJ5j1EP8jv77Lr
wWI+gsPufGSST/O6Ch6pssHwrCgH2QwhORoMs7L2HiHEwnP8pbHIK0CH8aS4
GqSz0WCelum0ar7KO5lX7/Anwt/Bi8Uvv2SIFfAxGEKfgfw3AXSt4Jg3k5P0
vJillfmesehbwG5AijqfFVXwSDDE6WZyej1PJ6MiHOP0IoW38sr/Xe73qrfS
ZG/GS0+OygIwrJgAogG4E/59lfE2K/OsQgSA1w9PTk73ku2H2zu7+M4wy/Be
VEkxTuqLLNnZno2Svf1XycnhNyevX5zKPaKbDhTj5Ho6L6p8MU2ADJwU4/oK
bmRyCncZb1+K78Jj17B4npqOnmYbPPxysLXDO0nLc7xHF3U9r3a/+GI02UyH
0024b1+MivyLrYebW1uPHn+x8/jpl0+3n2zuPHn46ClcshWgP3jHYIyTg+9e
wF7+OyDp4Cf4/I/VlZXBYJCkZ3BH0yFc99MLgB+QowVSrQTw9BIIVpUMm5Tr
fJEjBGj3uU/nBCaICTg3UKtslADCJtnPQzij8wwHZqj3J6qbvNRpPhpN4Go/
QAiXxWgxpCkfJL8+yPGL9ysr/cdMfv1VLv379wlsPE0m+flFfZXh//dZ/0aS
VfNsmKeTyTWgZ53N4MoReBYVgGVGgAPQ5jP4uhpms7TMiwq28hwIsQBvlF1m
k2JOAAfI0co2YCmzxfQM1gtfIeiTupjnwyq5ygBxYMAKBkS8GeXVcFHBv+CV
KsF9n+PA47KYJsCD8uzK4KgBOnMRmLjKz2c0Cj0enCLgQ36Z13AF4MZdZJW/
BFgSgAagO8J5YY/F7BxgMAdqA7ulvRUtuMEXD3DpArZXA0D1UbNAABwQtmwy
3kxeAh3LNvDn6wTvzKyo7Z7xQecIN5Kri3x4kZR4fLCYMeBxBdgL09Ipja8V
5rC3BeCHTggHslfTDxVQEiAZU5jSLDwrCYSwznQ+nyA64EYWlQ7G+zGLL0p5
mkkOoNRZmZbXqwmc/tkEX4K9EX4M0xlup8KZAH3OgV3BChawA4E0Hs1VPpkk
F+llRlACAoxzThHZCtgGMUT4Bvj3+UWxoE3kZQh0pOuwx0MAfzlCoBewXEA7
eHW6mNQ5PAz7BdydIwLDt8BgEMjFJZFAWkcKAK8qHFMQqjAYQah3BZcM/wtj
j9NhPsmJnuKbSCkaeGCxCw/XJToAw0k2hFlCSOixVwwB2XRIm9IzAUMb5m0m
cNZpcgFIMpjg3SPs0okAo/5lgXQZ10jHMQXJIv8FkO0MrukViASfJS9hOXSS
MOawwGmQQvBxI5RoIVdAPBhvzzJ4CMnBZTrJ+doihjjIBMQFIADAvszkMqYz
fzwdDqHuj4e3M694/UjEgttRZcOBjDG4kHW/f7+J2ziGZc8UNq37gBtaMyhq
REWaE058UhU4AYJumCIq0GO66qws4R5MYYwUyCWsqsyGGe0OpEq69oimMidM
c4tNlLpq2cUBSmjDTOnnCGg+ECi8FSgAJ/MCoExodpXXQBuIYNeIppMsLYlS
zbIrl9gjQIZlRgQOtpmMmFbD3rKfQYIOkGnpumkZgykIY5NKlvysTGfDCxDO
irFQ9zmKFFUlOJWD7DbFvxmYAkbdAghmsM7FJC1hN7TXIaIvaATryTirhxcq
U9BRGeRv3+Hv6OkcXveXcfAzyTCTZI9kuvwXfvM5iO/AQfeerwMly6aVkl3E
hkU5AxaN3HM+SYFiJ2UxyRRP7rS4HhAW+AwQkgO7BcUPwAckNhnQWCbaDFUk
brSsfYdH7zmX0oiGa/vF3pEIC6hCoLCArH16ls+EwOK5PAPV493gKsfLAAdc
jZFxoCyAr8vboHUgnwJhsMrPYEF1ASId8kEaAVdTzIH9EL2Rm2RwTqVzIBRj
WqzhfqCqwGaXA+rMrJBgc4oMb1jMMyshAJuHmxNQzoDCFjMSdoaTxYhpMTEz
w9jNToIzncJGi1ElrDjXdZ1kLMHtbG7jGFYeQyQ5S3H98Ot8AaxzSEKYPyxQ
82S8ALzLHA5CVxWFMW9X5nfCdl7/kq0SUdPvWrZa0PnFN7vBTCxlMBWzzD+7
FsUq3Hx1PYXxStg/bGVQXQAxJnkUBckHD0CNKIFYFJPi/Dp5gIJwbb94z6cM
6j9uALAi+xnJH7wPBPAMrmQ6BVadKv7Bi8xrYc/DbF4j3Z6k8nhE1vGEr+Y1
2aCxet8L3I7HWw+FY/KsJ8qRSF9yLuq3yD1x41FeJ0pNJXimp8lHMi0qPODp
FMGcg1BYC68tQSI6B6IBUkAyZKEWhNus3GD0J/x2lpDWjCv4CEhrVXKZwwVH
Keha4Qki8gQ3dQYIQ1LEqYGn4bXuMESV9bmGsIDwY5bbsooNQXGVUt/NiqtJ
Njon9IUNivQNF4qEy7MMttopgcCAm9nmRnJ2DdidzoxaQQ+9Pfh5XpTI2VEL
KkECzCynx0uANHm8mDgsX6TkJk9N1qoscyjDo4AyoCr4bJFPaGsFsxaQ+i5Z
TQDITIBI4m+A6wDCip8pM7wGIPClRCEq1mrhaGcKoQsH88JzQQE4OIINZWss
SIv8c22FYxbTKiOnASIWqlID4gHFwgWgOEMicqqKjrMDH1lJziLcTFbD1awm
aD8ZKWJk+CWOMIXbWwIfpS2QSSereTyibGiWAOgZ0yAywxpopxmm0h/MnX99
9hcUoMwbfJMtCz0+ODnFkz6YXeagFbLGsPb6ZP/18YFQB7S4IXVghCLJVrjC
kDRphl8D51EI7RaSA8zZ29xqYM73cFwl7GwCr2xYnS/UIkoz/xkKMIoROWlu
RA55JUr+G8iRbZ7r3vQN5F5WPG1AtmJlmCGFamRt0SWkN0SuaYQMJalF5sjp
oADNaL4QPMwuAmL6jJUJJbUPQjoq2CuMJKA2KRO8I0AzoSMkVON2aTVtWkVy
QkSSeZDMgGxmM/kRAXaCcAa16x1bF+SBjRjVPQLRoATZGN4hHTHD2YDNpUOE
Tx1VtNb4bHA0AXaI/uu8/iuY/DybIVYoyp2w3DRrLqZcIN6QMuHRtAjbtMIe
IQ/CcDN5M0ceZCglXAOllZ6dwYwtautVQe+r+ijCDRADVMdpNW1goP2Q7i0G
oRBZ8MBR4ByCxFGzxDLOzwfmqwaOvE+qi+KqalDTxj0l6CIGBKrsysq/2k+S
ptXl+YpiJn2e0/k64NAR6XOcwSHogwqNFX4wSQaDwR8IPOHJETToV36U/lQY
AgRXvEk8CpTXSesnnMLd28qvu8mDTmCy4frr1ZcxOJ64cHyZhrd4cxUIQY36
wgD+eT77enVIdqxVuMV74VmYq+ufxQYR9uzndErWIfgxRdkXrWBtulqyf3zw
/O1PdLDAe/MSrZIwiL5LwjjTC3xESQWTclbX0UxaLMqh2BOcAUlAKbPL4l2m
Jo/M0ewsEankrQ09a1CSkdmKxcI+hsy6YWOBB2VSvPxEueG/7VtOq6oY5kQf
6FZnubnSKh8Y5sTs7khsm4lwWEsD1jfhAEVjIGbfQvGEdKajUc7+Bdg/Ez5d
O8krsL2qLugQhkWJho9iRjKTs3xjxi2ZOTTE6jb2gAj9gbyhjS7ByZJZNB2T
zZOx7hoFJmEPAiF8P698ycHyz5CkN2EZX5dQRcMaxHzLqABHpoKH/pxeZyKJ
o3G2IuuMMYyBYrGY6XxAT4Zoht1LYGUiAoAcdXAahYKoeYRU6cwiCWm3clWB
41ggBRd2tMhUabPyJOiBFTB9Uj9wYsSkEnklojlpl6OMtUf4gq4wrwgt4r9z
X6LbCDwDLdrVBYs3eFC4BCQRU7JLI/fLp3KX6ViBN07SObsrhoCVI/EUZGzE
86VsNd39DuBOk+OeM1bXSf3g1aj2QieUzcgojNPyJZkD10VhYFhez+vivEzn
F6BIs+uUFwY8azEZEc6BNDJP2ZvCMoK3SPFRoI8DreLC240cl07OC/jjYhrg
JK4LMLfDdNeJtoTtsl6SgH27zhLvMGnVP7LtGE7gAuCRzaooYXHI85w9nBXS
PsYexJktoE/jpobCVKgixTa5KCYsqM2a9w1UNDqTkzqbJ9ubyWtEarQLbCAf
9X/egWUDD/0s+Q7uyKISuwlKeVWE+9OlZCtkwGSUW9M1Y4KbTUYo7cA3/4RM
AOQtoJJt1Ih8XyBrVTkdFV9qR4M9iQlzHXTb2MENnXGuNpJtTwJE/wv72Gqk
UrBqtCGpWR3lSTbmCJW4bqWpntBygpuiG7khqwKUrnLiviehDvV4M6Z/09Gc
WlBXiznq/ygAo5bDwQuOmxR5KEBhIk5x9mbBrBhcQRbhptwcWBNdUZmVBDjR
vFpK8SPL0dWiT+faRRgmrcm3b56/Pum6WjweXa3tzYZ9hs6atIG2+afswOBz
JXTfiqNR7njsZBDY9u0A0Fga7hLl5LbV8fZjgKdzFxIQe5NZBwlXLhrzOvjh
ph2FiJpI2+LUnhXJeFGyYj20Cjky2JlHNqL7axKSneghufSOMbEKiJtMviv4
flgb/RJPofltJ2HC4/IUyg0jTljKdSvaFOinZyLnAhlwDqcYkrQxUq03br4D
We8NP2/td56pWsnBS99Ij85uOidnRrF9rzsA+gfUjT0BuVUxbl1Am4aMGoKV
IohxgsCymGaVKxazYaWdMhg1OHqLC0MEOxXyhn4Lx30j/7tcaerD379e2SuZ
h5rPgHRtR6t3B7UPkGK/0gASf5iIyIYiVgEJsjQ87o+RtTmfPzf+cD60v/Z3
bxp/NN7908HJHd5FeF72mbd7b9E5njcux8phJVwgwWPrMwj50EOEMHz2j3SO
/ufznmu283bDPniuFc7ecx0w9Z7r87lZOQauauB2D+PdZr/9nrvf/aLlSffb
QBPnOaLc2SiOBxYhDAHBwyMiArSGqbUjQDTIwBK7mkuIo0Y1oI5Egxu2jztY
12ImFOCRz8gkv0f8KznG+IgllpW6AFEnsK9E3UKGxdFi1cq2t38ALCydZrhK
Vsp9CxYZiLyojiBYMXO9N+zm3X74UDzTgbNGqS7+JAxHIpwJrLCWuNe7LS7a
6qyjArdbFRuk94jAYPecYpgYnA9OUWZiOKyyEiM71o5P1kEb5QhbqynpY6zY
ecqXM9hwkmugQJlRPBjrL3yAdDjGEITP+6DUFeydrBvTRz5TEye71FGuvMjn
Vtw5PhEh1Z1DYyUq/bpk3KETHWqoTmR3Kt8en3ixeSjxciRFu0VToMwg2KDY
ajjlvTenL9+SdXEfTVji2k3hgX24mJMiHfHw3vLFZnJ84oudaMbee07BQxqH
QahhzNuq4I5slGwYDENaKkXkrW8me1avVG1j74T0HF5ax8rQOXyWXaRoj/U3
zmoxv+rorSdw0HXyHCSJMj/jtexfYHTA2snz/fWWIJ1lUfaE8ZQeUmFwm8WK
JRcrlHNRrRNHpaM5etfViMLtsiGdZF6qCbLVjbbM2Zrs1eb8GyeQV9ZR6ccI
WOm+4TZM7fOu8bFlJwGiGn0P1TrU7ry7PnTu90UWvVNITVhnD+02ZkDcasNm
6N9dL/4pBAvTAM9ujCpAfZWJQc0hfqW7ylCt6wee7zA6ICki3sy0jpPcNnN+
zzmT/dOfOgz8anb92EZ4grIYw/m9KUZW4+JaVsYGCI0WANBEA+wCpY+8/8qs
2czV6vSYiSY/2UjmkwUjoRNZ0rg/5vLgooNQE9X189r1xSHg8rrhTFu/JwPx
5ic2EO86VsiQsnCoMrCHPLs0sW4mWlpMnwILPHCF0HVmVWPZqSBresUIgO82
YXjPxmo8Ut9YDd+4BqG2G/2fxuqYsXrboGVore42gfawAAsmi7231XIateTC
mZqFeVYxHqaXMbWNzJLE2duk6tp1IysZFRlfArMk/+CRrnjwNS8IoGUcEKMk
3LmFAHwc862xQ46jUgj7/ZqUwvIkd2di6VWdNIwTDKIBGvMFwnjb8Xk3gGKZ
TFShzsW7Ar27qDMRcJqBdC7v6SVOhkpO3twTMstCLndn9J1cxR7q3rpuxr+m
KZELT0wz9604w5DcylImfAaEfjbrunsw6QmVaAM2mjkqwuFAxye6ohc5xVf0
cjU8WoJpjFawmknWefpWRnLuSYCASDxkiVEZ96ifUwKn6uuU6MeDPtgpwbRi
uWPh9mfzaNN1Wf5mfRJtgF3qk0Bc6K1xtQxjxB9YCWypnxrRzxni27Q6YgW9
VUs65TJHSSR+TWJv+9C+hs2s2/HhrG/FySx1bCQbK8gU7+Ao+f41Gt+tj6Tp
ILHkGH95TXSQtmUcJQkZUz0o8icS1S4fsZOk3oNsu/VFafyE1836YhzaG5iA
Hcb6R/nSY3LM3OTjrpk+f9Zh+lm62z43v91hlrsregzTx7rfY5gP+ZhhQonN
cdjdZhjN+fZEstsP03/mJcP8tvDmt3TgDd9uh0uoY5hYYHaHj9g4fz2n4o3j
7fXnCUhozF3sLOoDYeMM033gnT5nf5guQtHpQnaH6cab3sN0f3oO4/qaYzjT
c5hOX7Pnbu4YJha20Dpj71u8xNnem/zbcaLe9t7k4BZo3denfdtR+8Pudo9+
DAi4Xu5OotbX0f2Rfd2enN2SRiKu6FNPxF7iBwe0vYUj3K8usR84dEz6WZhu
Zqs7qPOmTcVqJBVxBphJrQ8k/1iGqs3iC7Ml2fS4YSfhhA4/f5qyK8RJTFI4
TiZKVUXlT8jmyoUG8mkGSsVx9i+LvJQIdiyVspiMUb5Gh66yrBnWrsGxcUVH
x9++xYIm8LvKyy15kc1gvUrsobhC/GvHs4zSakyxHvRs2CVns2pRak5hTuZE
gStVmsBgfAkXPEHdnbBVK9s43FUXT85vEtyy8RhD+tHFmWLoAIaiZgPQWWam
MIP6gM6aR2ijFMeLGRuZegQpUhWIN1XWjQt4Anh2DGYtdTBuwQyGjBTwwawB
tkCitxT9w5iJYrOfBT9dW3zpewkp92KUD2vKNq0wH2MxQXzZO6PSBbGsCN46
rQ0hC8eFJQLIRz3JxxllQDgGoQB3OzGW6y8lWEpvQpiIBvwFXMsJZ444yZts
ZRppuon61HoVoTF5He3jTTPY3DWnP/CZkCmdbVNSd0Y2iHkfNV9pIykWbLlq
cyeP87KqOfHJLzvglV85oFo2r6QIy8qK627wXd6CjZqLGxKovHJWwvhxkV5S
hItL46SCSTaS04ENiBNFM6bln293Eltk5+2jjYQLOLlp8S7eiLmDfKiBqXZn
82nouz+s1bFHuzEVC445jywz1XvQGm6tR02S7dSUwSXFa9u83dmwSdZmR2qe
X1RimJThZZPh04W6Czd1sYezvAZSVNzzYh+1LbbXQne8hb5grwx7GuyJPIkj
VqS6ko19dRYfc0TkBIyJWtJ4ECwSWW2iPGCpUTuCb8jGOlF7A51N8YViFSkO
romG6wKvmC9qijAAUjAFAlVLNBoW4jAgj4yqnkoyRoq3EBYZVHdBMpMCWaP9
YxBWjSVguGKYsUEGZx5MJvU1uCAIUe4W4sL11oxPP+WgApOOJkXfhhzzw/Fh
Z8A5FPNaRiWCXmZnkvBpn3bzOwWMWnqmTW4wzkcE3txPuwlBjPmaXA5FmQnb
BeeTdEFigVRxyyuprce5mLTdeYmIiLVbSy6ew345W8KE7el7M01exFFoV7be
Re1RHrxXVfNOklJVKy5UbdXICAmYtg0Wc+tBssSCVlVmf2FuGcwDB/uyuMIq
EnIYksAyAsFfCovwmvNa6ZeBkjFgEaukZcYB7tdRbEey5AQPOTqEJDMh2pnq
glxOoTR1UDyBGTAIiwFq9Ug8vhqjZSzOUSWl8tK3qAeXdznW3eagY3yx6uQj
uKcN9Q875Rw7WEv/yiwoZLG/oLWiULAXxxuNgMg49/aey7e0x/L9zcutfBbU
sOOoAykDRUFJVJTVVoLi+mpW8geAXKXlyNxeCq5sTBwEfeheLZZanNI435Rn
lWBdnyFZUhA8zV7ovgWIMNbJHmmwEALO4RKZp26RuJrX7+6SF+UUEUZzzQEn
VCRydmRnq0yohJbENdGMrjsSI1oxfBo12sZeAJuENlHGUmNDML6UREXncRdX
jlSd9Vzd5EN3eWdAx3pFYfh7azu5O55aXKAlGLrefWJuU4p7EMEC2azDYxXV
7OTIPVCuiMzdLF/lv7qMj7ZCvZGk5njDvRG4UqTN4J9k53DvkOYRVsCyJD83
YM3jNJ8wBgqKRyHncum/MeJ1X04UVHUWxsWBjZbTqZqxeAYoIAWAfgyQpoKS
lgthjd+8WFQY9W3LRNNNlxuQ3SIMydldrPRZC+7ERBO0a2AxlrO70lC78z43
8WMpgZ+Sbjp7+Lukmz7H63Vicd367jTToTG3pZn21d8QzXR4QB+ayZA7lAAc
MiOmIyCfFcbd57O/UEnutvrOWvle9uSITyi2NvbcVGmdV66oGotb20k1JRpM
Fs9B+zI/leTUMs1GtuXaM2ThvUQVnEVCiW2TqDo7bUyn3GGjZ+zxcZllGFBI
X5NoyL4UKsbHNjbBFfpRssjMirWw7GV23dAwd5rc6xNf/4/EsKzo+1thWJGL
28KwXhiG5FtM/Ch4iYEXLUopC5mZGRvZ+9YKM6v29Nphq10A7U2wxnxOrhbH
g0VZBqYE5VUqlWQBlYwtqYlIDp5ELQ0uswBQUZkmNXRZQ0SWVrkoWpxQM59n
6USQjxNX4UEyjVYRU7a51ZLfFrQTINNPRbf9vHRqZIotrZkBtFdx9Vkpl0Vx
merichbPSnA1LPOzzG0BcHrRmpx097wkBZWTbNKh22vsbreOzpHMYV05vt+M
9FqRvZnMQSaICBYvR2FYm1dgU2D0BUNEjjSKoVS82yH+cSp3cv9iDkknlAjl
gqXHgB23kP+JWwJkgvN16i67pnMp2dHvuonZltOKlXRuGLJEqBBl0pUaAQkj
nNwqWSWusPKW2IV5DVLrH5DJkOISijYjSFytLcjWi7ME2UgO8thwctqNkrTj
jLoR/JjPRsUV0QW5g8cGA3VrGKtw+tO6XhrDmrgc5elPJmXMbu46q/uB3zr2
qLTkwgolEUGzYhlU0nckJUC8oygsVnWWjgxfa67xkwO/XWS1mEd70Y3WMYPI
nbnOg+SUsuuP1D2OG/1OW3x8n11RFwsn5X3fafGhUSherw6s1Ki5Ahj+TIXE
O/qEhD43myxQ+flfbmMpMb5ySgDJmV4whGFiUw6zF29DhIUf0chDCi9ZXqW1
mdUzc3MbXriVJOl59SYsyIpNkv4RmvwHxXhwRt0Krp0armJLL0nT93LzvcFM
JrSoLE4+TkfqP633SGrAUjEz5BNFUDzg7bbrHN9BuzcCWvq/oDpx+JyD9Y8J
K/Vfh8DossmIBW2O7edFwxpJuCf/bs73D7b85vjQJqtk2jHFVne0NWV12yX2
csgM7Wy44h8HgTrrai9phwkHKi1t18I7Yw0ylwYYbjEGLodpak58zG3L8Xks
THK/WYQyi9IIn7PlpUbwd7/0Sb9qI1Hd21SokDLAJAeh42IubtogUyVsg2Ph
qCCkWsjXbuXPix71OGKufIflxYoZaEY3J8nZ+ooBEfDSxSQER8sjo91Ecrc0
FC3n/GK3cw9gw7xySjmK2N6Q2bE5KbFWxAdh0qnb1AVbbLDilLEfCFtrvn/v
ZeDGOlvC7SBccMnAGtkS+8Jz3SFbIBeU5GbDaq4Grlq3BXs2kcmRMr8EnS1w
aW/alKz2wzEovDIQD4w7Gvvvedqlq096XZIah0YRiHJRuS3PWCrCsaOU11Rw
7Wu4g2tEmJHRohlsXTe+IUmJmGSPO6XUXQpu5JFrG65Czluj/LJL06gIqEQt
Zn7fRCyXK9F0Vo/yovWebz4OgkyYeLTXy8HCLjNsaEKRdLDaAchgAz1FQMB5
kc9IPnbz1zDOrWyW2KYtYnampq+7XI0CH+hF1NDOmQo2dCzEYDe7DgWpEbfd
7BxN76lrWmlDk1chdV7K4z1MIbWKiyx7hT28HmnJdwd7x98ffv8NIeX3rwfm
30HTJpSV6KXrgXZRk9JQ3m+zwvnZl4FMnWmrcBSyGlz7JobZwdGJRKYLhElM
T9JUevNd616wjM9lzsHMRxLVgwR6TheZIYKY2tYhbhM7funtkN9QTkT8sAGK
fHzDYgb68NQWij67Tkyr4EIK818WC7IhUIcUErrQSlFZu59oIo26RwYFGhzf
eN6lhYXyI+aPDttEoeGuSUY35k4gIUDatpZOsIWUFpRfjz6bXf3+rPzDGlXL
aHvci5b/vDtGvvVz85GeDd4E+Bn8Z4TuDb89QrsNhAdQZKdxIn5DoQZMqzbt
s0i6bX/I2rQtaCHZm/8h4OeSEAYh9zDEq4mgkPtJUc+WrdwOfs8LLtBCr2ze
Asv/A8OvA3j3gn90kdsQ7z8M/DA/pslDNCPmRLgHM4o9wyhIiWgzFTC124uI
5GRPS46k70fYqYU5z3PDeXxbBSbShAk0h6WjqmpH7VExJznV8q3rDS6UsdBW
A01pkOxGpquD9P1Dzit2d2OPNhYw0sVn54U1Q1i/AimircZ5K/aMQ43e13Mr
VHSJ1D1vVOxhA2duOoFYDfGIjWIxw1G8Xvnh2JeSTf0QaqtsOjuKScQlwCJM
2qwHesYESwYVt4wYIK1ucq0pVbkNcI6Sc3JE2158bQWlNDWCVXCZa1bMBkZi
9+c7gufzc66HoeL/yIj/Z1niXWYr9+NWJ1IEznERF1pVwOaMjHFwlXuMRkID
AZyPWHFwutBof6QwjSQf+5vSPDUS5M3+VDJW3bOp+XDTDi00knTrfLbNzVq1
HkRLYwk1Fc5Y6UFzGyl+wTUnwdS3jeluqHl8XJ/dsOoALsCowWIWwYXD6V+Y
8pP2TdJVTAR5c8/SlpvXaJdI8r2/R2d6ahKDEeiqk/eBGuOp2+ZhNjI+CPR+
wLvIhiyYKPpdGrMaM1XV2dchCm9x/6aciUKKm/OGKW5pbXTGuuJJ5iPanmSo
xbcIB24sgl9Ya6BQxy7bInZiKvnGaZcYQlIOEFqUM38TR5J/Rdawrrsi7V0t
q7i2AqlarEMtTO4Nq3rKzhoyhHOR6MIJ09A0C1v1zpHj9RomTuCF9YNLfqNJ
vliwjUQdaa+8OVvqdZE1icsIHhkAKd1OK99ebK1obFVjC5ucljm+L6yRl42f
gICv2JJJD4pdzq9Ji89w2bij0CtmLrsA5izjhRvnhmG5jtCVeBJXaH/wj0CN
WciN89nCbXVnrpFXGLGlYNoRBu9n03ntW/WYhEneh2Nc0rAaLc1pLFC35rn+
2mRrhraa0+yzzSb6u/JwcANcW0P0EsRk6ZZ7oMLTkXvU/e4AYP5sQpCceckg
prnwwMhKRmavyJDGjYI53mCSnxGJxwpM2hnLrXjc96IpeKWcaLO9ju6USnP6
t9Ep3IkxmCQDHWnrMslQ/lvdTtMbWe+je9tMnz0pWmTNoJKs69RD1Rqo3hVd
WTmwR4PJaPZ4MDhDhW1zMv5Rb5hItFnTTWML16Wme1/TcCSMIq+tUawZoOFe
6Q0m3ahYn1+gdJt20O8rP8YBSR1lETn4CLKB5IaoUd3x7ZF5PGrgUpbrOKWj
qcCum9XcB/TDvFDnMhtw4agv8+zKtKcnpN6whkuzmjAoEoTKYnJpY/DO0uG7
8xLNsxtJVdj4L9oAJ/3ZI2CFUDHr0xjrwhLmR7KlESDqsKb+lvA7oJ6luT4E
xoTMxiXRY3OmxZ2biGw280rQfSzZUEhGWpyPrGY5VCcdUbM65nKevwAJXHB9
CM3ptz7mbFTd3OggytrUG94ovO3qycmqUv/VXtZsabJlOxAcCZFp5asmAbGV
X+b9+a70amYYYZwbXoIgwgEWf6LM5GSYzdIyL+KxDPaSha0kqsVZpRq53FQg
91dB4QtzVrfxGeQ2zSypdHm0rwcaWtNw5h75fSOie0FHLvpuMUCjvQp3UG2Q
I/zslkxYog25DD3Hn77nhZ9PENRfd9ZuujIcHRwcv+Wa892dMJyIoXjsjjvg
vj+e0wzDq7q6tPdFo2NGn64VsiV2Ne9xTRf5ThJto45ByuHk4sJu9I1D+iIV
Ma0zba3NR7/ez0nvlH5sqLEMU1Gh+W84Y7auiQmuLfDHAMNU+fVmuuLSjKZN
sTQfFs1VmDIIV/lMS6t4ljs31M/WJdUeMryMePqlSFhmM/Z5E1G9rhXM+fsS
g9mrrPc4JlZ8fcOJ2QEMXZb6aavZE/rkVaXiLwew+m1AfJeqd4rsq3NTGxDS
TgVhc/lY4bPVVaL1+uOzGLQzBhXFdeEIvryNB+dWGU3OqLoOB+UQNojlLuf7
SuwM/xFoCeHqOE7rwoQuLO+eosss3PYpcpBtnVOe79+5PUq8nK0VUyPngrA1
V4+jMlKYdiRxCSp7bSy/fKfN8HMvj0NCqSo/bogFxxi05RZWH3QHl94u6Shj
88gULuLLZtzwCZeWz26lc6Fq41kCGNqISxpxOqaWE5VZpTAmE08lWXC+YGki
PL1izE4GFqXSCEXPK8qtIUu7blAqVInw1CUJqpkd5FffWOA/70g1qxt+33WN
qcDUBTiDMifiakVeQi43sNbHH4M6robrlBRO1YLkYz7QtCDico/j/I1ZwKJ8
W3ZK0SxSvuFSn5SLfQkoXDxZAzl2TLEutLh1X/vM61b10+NdvhbaOH4n2E3g
4ouO36F+dJWRluQHPLJEx4OtHXy3t45SJejpaIqOCpQgRrx3uEbETJJNzzJp
cAUDstRO48XJ2CR9lw3wEv2ilMuRpd9EkgStXXnNWJXXxXJkbSRrxnCyHosu
7HaBRKN+AwP8D2E9ooaySwmGgBRvopirIZBOkJLYCMoo0mazEhQR0m5EbvxR
QgzNSyREgnhf1hId/oZp7o9czEcOHsb6gRgetbuZjYpS3V9SnfxDybcuKEK5
39DEP9xCbnrz4SLTmzZpKYhl3TVJLWEh9NgCm5GvudOeLUjbtWnBDHBjXyKg
XoUWQYvGYpPRZL/wChAdO8nRdphLIxMqrePLV286XRSBuBPMgOCjdl9oDUQy
3/SNSqRqQOiUaBkzSy5V+ZtbaIF67ExvA/WdbqjnLUA3biwqiOMNyWqnaA6a
StSTd8itEHRUhoFFhCQfuQOWPtN4022yjIivAV2yLNPeeo6gIiftm1YTRoO9
59IL7jZcnrz3mhp4y+tmR0ElQm3KV2FcaINVGHMTikBpXtkQedJZ9Jychbic
y+mq9EaUnMokhyt70Bz7VOuU2Vw96/wUGspyNYP3Kq8u3DCCCBP4kRP1JRdX
4nXVhdKDk+UV+y6icQ0RZDPsjslIquzE5pY3yxI0royJgrHMQQW0yA5Fp1tU
GjXBB5HWnv8/vC3kf7g19bgjEu20I1F4zEyTdBQvY4ShUXXBYuOOgHgAnGCU
sQBnQukPfVlaK3Ma4U4WPcDYnoHdPtk+nbpdGo5emUp1FBaB6wrthMjbu3hK
kOA1zurhxRfGONyVMzbzSzIsTeFBqFci1BiHAiwD9ai8mmp4NEHdUB4HX/Xk
Kg4LixTP3dn8yi+fG2bHNLDoZ4KRJhSh2dJXs9m3B3+9/Znj4H5Ovk62NhIg
YTsUUP/IiZQQ7LJJWO64GHWBDgmzi02yAaO1wW7gaaNopbHdah7CWKseY0qY
BQk5kDCmRHKO2WVES15Nz8ssc0PeFiX9Kq5S7pwqRcSwl5HgKtNj63+Zpxon
Qnkf6u9yiq+tyukajPTSJrzKc2k+JaJ9kU3mNiMekXaWXubnGhcVW+qUOQTa
DbnqTh6JN7RSswGRcYfF4mKqaCaVXb+9ZJQNDzS/IKfNYlYHzmdiCJXJtKcL
pXnqfk5MN69YovDYvE5PUmpw2qJ0nzmOymWFyWuPua3FnUTHR92vqiVCapC9
yIAcltdzd+O+EGSTFGxCupY4TpIfBGxqkGpvAF1KBCE+qloOswjlr+KcNMle
llHF9h5mxtl1Kom06/wMCw975cbJRIslJRwkZI5h86lJFGivqGxSexow0wRs
KWu7TOA9yc9nKca0vS3Kt6/29oVMNVHGOz0C/wtJn+Riki4PdfLRkUbu2FiI
kAcz2PEKs1i172TN4dJw48dSaWZt/+R4nb1Y20+/eoJ0/CWHxalf1qq6UXAW
mqFoyzSYEiJYGJQ4B7xTjK3F27laeICchIYGQEzVmlNddSptyUqH4ZdEVGY5
27nZpcurtMy72eQNVw065FydQqNLBC1AZdXl+3grz7B40WqydnL0el1xkSnQ
EF/WUGWbqEYksSPdlpcf0rmg2DZnKQXRjrAEm1aZln4jAydORObmteoY2Bsi
mwLDT8ucpCSuokkIURYT9XrjHHIe1HI6lK5dSUXzNvmcyY46SgK5SW5z3IIZ
WoxCQMhdR8wvF8PaLhDjEIi+vyyuWATio8RqHtYSuhCJbFeDpJluuAqyKs/m
1qRUi9aNXjeX3YRv1xFfoaEvv3OEYjQ+IJUTDzwbLlzIBO96S4uDrNLcZ7E7
sUxkaYMYR9D1obRnjtqoJ701ssa/ihZfReY5yblobVSA4rubllnidgcgapBV
2opeoByT6mBclRI22vbbGhkjgGhKAyFITIJ5paVIHByTPagzVEsAhTJKEI3D
8IuabNfFlE5WEAyXaQyyYfD4XYYZ0BLQqZA2oLRgXswHdTEYUVT3PW7ahjxh
378lW+dVi0eR+j0sjJPFJnj4HWqDkwwmtVUMnSMOO0kCBKlrDM+Ul84FYl9R
C6Vyx+xJjTBsye0MrLVtMB7snRgniPrMRpZE505QlZVA89lcCBQJbq+QGHSL
aLSqkSMxWN8e3fbLQn4ybdZxHuEGpmcA6w+8G08EEctv+LzIO56IExdTLEVA
qUjbALjKCQVU2Ch2xZTYnSVdISeji2c/r7IJoz7IDBdUQi6vM4MKGXw3xXQG
SoXKs8FLQLUpMnKTOlEl37z9iV745u2frGRhfaOEfY3ymf4adaMdmrcZ2U+l
j6R9OHVcaOA96dEk4jitwcIwm0h3n6DMxyuzqDiveMUNXAdOqIegG8vaBQvB
c1RZsAl3eU3OdJS+XylSEJrrlQE8D3i9FDjXS0BSHufTa0yeKQxvFWw+buNj
Dfk7ki/XUqqTBHJPlo7eTtKzbGK9uj4Hck4C5M0CZNlfshiXa/A4Tkb8kcyV
C1IynGDHyzSfpNSdwFbiyqjsoC3waeihDdJ75Xq3HHHENJKmcGlQahGzuDY7
mq7Nwo0RTfJAdJWHYywSS8u020feO+bQVLvIMsOofpo95P09WL9HxeM7mKnF
Xzcx4yKIuoG1Klf5H3HFDViS+kwUYnJ9lV6vGxzB/gGV1YYYFxx8dFAuOH5l
3s4KTESM4J5gqc89/BsTBLP6jXTMjJZ589Uy2D/LMqevV31B9k1PCLi6KCaR
4jsm6tncNYofEzo65aTJ0BjLaXcBf9XI6SjlZbsQLrwlgaZOq3eVBNO2MUhj
U8FxguyWV0BmMnbD5JHyQFxBiQVDLPGT2qAn4Espa46iSjAjIYHI6eNSd8hU
lJbS0E3Jr1Rp53deNOWNTDOptMH3WTNc3Shn3RY5hlXLcNwbTcHildZ9c3W7
fBxfEQY3achD5YOFW3ERQWWdymnkrlsI6VBTVCM3X3pZ8B2aFzXzLmobU+Ho
jsqqMeYXptCSEKb7s5ZZ+QG3QCY5bj70BZAOteRUfZw33fM4uBQL2DJJIoWX
TeJmkKyhIN0lrPlb8RuLdNg6Xa3nlTeESA8MfiaDJmlBO8O5BgYsgkoKACG8
vmL4lUpgDqe1XiFFIlSHraGPIu6R83r+npGxElTGTIDJEDiBhITWFgpRkwV8
P1oMPWWGFHqmDzHQ4BczSiWPquEc4sHDKl4GPFFzY0ErOM9Kt8rKLtF8Bjw6
JRdT27moS67iN7zQHrVJWG3KhWyzfLFzGOQBHGZcW9CDi0CrYU7vMhO80tBv
h5ZvSCx7iy9rMN16/557dXU+tT2Y7lD7MDbBs/Kfo+8LKDKLsalAwCKqCC/M
sFnUNYULOkwaGD/GyzHe4uH1gFkMqdYDpAOVs5zKFMwXbcJ24aLziU5Fwg0b
DXUS5WPOoXRI/rlL3m1iHvmSxrVt2NFi/NswF4kM4raTjd6r8OLGfCKuCM2V
QdlrZ8nhJZWqD5TncC2qFDpma7/LJKb0gx4IEqFv8TLmdePiURpkrruDBVG2
7SyCL6e0bGxyVYP16wbELK2FkGB5TMUwtU3aVl2CqpHq0N1gCpL2ffGP9Emr
VqFlFVuyZl7rqgHoRdkkGaEjlqkG9kfd4JBZBh3Z6ey+HQ3KrSNLleCc42og
VzdMqAoDiMdMMIPltJSFZYPJYnb3WYeTLJ3hAaDVYZpxKmJjenKBUVAPRvXx
dbhyyeoI62RIeqyxxEi4j9NAlURAIUpOAhreOJSt+lw5Tp7yBICt5MGS+ACk
qSsrz29tdHq71WZmMn6UDce4Y/syGHeK56waZVTe0DMEceIchnjID1Ezi03E
Qz/SljqnVDatPV4flXgMVyLpM0dAvianCtqLfBZtjYBGzbLjLxE6Grl1Fhuq
IiqIkCJ874IIKVSmTDde46n4qyxxI9Czb6kSQb+oi2Ex4Ya55P+QKhfAi7ip
tU2vLpdZcT2TrcJHrp9RfEN6GiC2hv5xWX1eK+nOnjKJYWxqly5mWTSsww9+
jQUgbsnatOzGHaV923ihPfOKrRglWkpHnPZF9rYCwDW/kLwPm0S2msGSJyBj
rzZLLNzqMifVRYqyfMUtKmCdmNnNC0/r7peDuiBiqekhofFm2eWkMhHo0KAc
qjV/mTg40IOnTMIG+XvUg/w9uhv5e3Qr8mdPvpX8iVXVIYA+ZXv026Vs6l6+
Ky1pnBt3b7cotfwUCaHCNF+6VUQvV3Wsn1bZOtgPlzc0VE3f95wTq+ouCoMm
Qk/E258Ql80SNrsQzj7WhmDoFKA+52TUOmZrHmGaedVW1rKI5WS24yF4ayav
fIUCo63I63lvHFRzjXAqsAQ1bim1vMwGNIe0ol+yzmjkyv0uqKhqZ0WEKTD2
8AK37tAaxKSB/QUUt4rMaPD8BexBZGKtTJBTKmB9lWVaT640eS+BSUK9E4Gv
0WqZUlc61azhlt5DLh5hatARQPoH9zTD4FFTM8YcCW/f/NugQWBJkZAtFDKu
MD6QkuqQw80vsMiFzZ9+uXdyADzEofxm7AE9O9jSmtX87HbXs9vs43hAm8PH
/xnl2HATZmBzm2QZjmAlXlY/lOfIFgbUQi62H8Wdg+okU9ZpgRWtJRjVi8my
SHm6gWk64lKnaBG2xLo0pQfXZX7LmDjrUY1KrXwBtKydUiMDfxK7pGcvdiw9
LsImGGKABnWsMBPtNBBKRBtuEPaHV+CnJRw6Bey8or2OmuzVl9r2KjzFn9nh
6lkRsEkFDCmYZWqsGAlVAwyN5dqp4mYbldjYce3GoiV9NAfMdGiRAj+82SM+
aYkPvNCAdVflVZnbsJhC8FFDtJcfbVAhsDZdnbw3G9xWQ+kxQL6ytYmEr+I6
pa6mxKDGs6s2lJhaowR2a9o/OTI7oJjAJ0+fPCTqn8T63Mi5NMqGypHET/1p
D8zY2uLyZKeGLtliKn5JvMs89a9VoJ9Q4c6MaqrzyGqCjE+MLWEfOR3v1UWi
1RiNHApUrnWHj/vu8LGZyeRieClHyNM6E60pPN9LTGKWYR10VGSH9GK3bpMG
czmlgWFhmr40Lso4nYzVa1/v2OFyMDwBKDyxlVyRmLpFTrG52sgrVdaSzuec
lhKMlgbvWHJVc7zEuY1PtNUAKmI/ewDnnghkkrDJ4X49Iwvl24GW792+Taoy
+qWFp081m6Ty/smjEyFOb38KikiUiSuVVplLmgiil/6KsFVPe6HVsMCW4aGW
J+ZOED/vea/Z6DKYtNFGwVadaNQPbuYwqYy76TX0RJMmg8CtEXjkhNnY5Ll4
nTjRX9SEZpg587X4O/H+Qw7WSgMe7SPYOFTRnddNKa4Fx3eTJ57CvV1UNRUv
HWKRd6/QLaNiyhK3RY96mOTfxCPjIHJPJ5oryJCL1KXDqgDvTXmpuyb/E74S
Z0W3E4U3SneTOARMELYXQeQ3x4CdYR1gqWYYxkITSfQS3P2OTi7eB54uRxoy
9RDlYLUEmb0RTZr/JQz95aYRKR3N24gRth5qayua+Nhf9WW9X22GTnk9/nT5
7HdWekL/ml9+uU+J5cplGl4fuvfr3aLNU9j1080wpse5iL/pYu9KuOpGO7CW
Q37YFxPwySOnJL7Ui7iTTtupyHJ4Hx+RGgAon1qNHUvNC2b1xmPR3ziw5Sio
yts59/ljIryoK1pDb6muf2rT8RuEPA5x0wAzMIBstxpAtkMDyHbMLuzFQ0bl
FZt20rcu7qlja6ZDeAun8NapEu0ak5WhCao04oKb+VjC7OdWfY3ZWl3jwse0
bYtw7VS5jJ55wnnHTv1h375rwU3HT4XZPaoZMzSroQ8tmP0sfdbW6duazfct
d/KDUae5Yw7qtmhCWvVVmteSo+3xYsdb3wIIxBkUkoJZghP3yqQ5IRrjdCjF
F1KiTyJ4EJ+3iVYwvQRDaIJmI5KiYVOUtwnVWFNwkhOaiYKk0Uq2oADN5Ak2
WzXQA1b894wg92fB1Ao2juTiJaMsIecxoi1s3MbSE6TJ3acg7pGE+rHv+N+X
Zx5JxQvr2TCus9CxEfhAWKAf5+f2mQHg4MA6PcQVUt2jL4TDsmxcmtMltOjt
pYM9/6v9JGlaXZ6vHMqbK/6bP62s/ZR8ndAAO+uaonBj/vv5B/Zf4s/n0oWu
fy+6/SisbmScy/4NvqIfHMftW/U5ftloZPW5+0r0VxznJnlOsTo0Lnz/h5vk
WG2YeK7Brm+SPclR5h/pVx7H8o8b/sFH5XCcyK/3ua8Y2DqB+uc4nG89TuTX
lnG60aBrnM8jEIk2Mvu8exw6fHQoO1PeJCST+H0Cb5aNs3949PLg+PTgp1N7
/hG/+ZJx7mtf3sLN58/R728/Tvzv6DiNxd8s/TtCrD5faQ69fD13einZDD/O
MM9zYOW1Pv5NVsur7vfy7a7DRvGz27oaYt2N1ci3u6YtLzHajmE6N7UbJBDd
dZgANHcb5t6Q4r6QtPGlS5huot+3jNPVTJHJdne7RcuU0vVkH21ATd+5smK/
nFYTEDwOfKLO9sSM01Si7At2nLN1ZYuSkhSAom1fRbAvhGKjHfbbn37Xn6vw
OMN1aaTgWDb5U+jUyQnGAI6Ev+p6gnHwBWcR0Rm7PzzOaL3tQMw4DcpCn+Z6
GppJMM4uRYibpBdOk9ttjuMToOZ6dn1JX79sjNO2bzvOYmbsKaShRsYZJGtn
HDGzBqBygvbdcTTvRmledD3oVcFAHkkBgQlBZvfXQ7QyoHjN9QAKOZVgZT53
nNhxRdbjOh/JiBaMs+TTj270G6fvBw0tgyNTXOc1Fdfh2jof0BI2WLerxVAb
1y5lTBu6vsRvvqNvDh097Jmjhzm6xVFED2vfGtfmOGzTwbwYTezmWtaYnD9o
dHXtpWditktTzbx1dFz3ImOaYmJ2CH+G2mKSxPRFRp/435crUewErKQztvqT
VX+UtbS+GU7XROWePzY0iGVzNpQ7MwO+lqxFcWt9pamuJb/tXapaE+ikHW8O
fDHbR4cVDHPg8lRO4k5drLCVM1aqy8ctO+mH2CJckc+H2NFSa54Y6td5PZ0S
Ye9PJ+nuS7cTZSWd8t4txumU9z75vszf/V/7JON8iA2qHT5RIT/25ec6zg0G
vT1H87kNlMNdfv8a/39n0xIsI7FjCFzlGqd4nCC8jh/Guf5wY6Px3C9tAJ03
Dgc4sMFSnV86tRfMp19q+F3ij+PEh/7RQE7+31uofmlN5n+049wXnP0V9Dvm
8K87j4OHyX/96eCk7zgdhr9bradjpdFxaIkfPE77/eq4eZd2nOa5f27AGNpI
ccWx5xkPt+W65BJCYDgQXAH0u+9R9Y6b3/OXNxggeuhWmL8x+Ow3A3ZhZt3h
N+a7UCXQccRrH9wJ/kvdrokzTlDaXsaJ7bc5ojsOOidQVURnj11P7J3ucZww
rQ8ax4a8/vEDxmk7d/tcE5/b7EThl8vwuTnOy6zMPNQhlG2lY4LSzXFc3Mkr
dz03GKLt4XMiFB3xORxn1UEcQ7FlnPOiGAURRTdNmDJW+UG1/jheGFJexYBq
LM9+gJU/jhd4ICjxex+zzbh+Dwd3nDZzufe6+cOGAbvf98bDNpJ4X+M49PDW
44SA+PyO49wkT4BGmsBQ/O2O42goG5PQu4/jtHlO7r6e+4JP5IHe9MdKBj3G
ucN6boU/y8w+IV1tG+cm+ZIoFMuchl06T/UdpyXe7Y+3G+e+9tXyo/tc/3Ha
hKzGOJ18Z4kS00IPA3LaDz43FLS5L7FgGKkTguUG43tPqOyehmp6p39j+QWF
dJs0WDOORCu0nfumzib6skzStNxG/xmBorha/AijyDhHaS4B6BIXbFI+vH3Z
0KSW9cRjhtks6awniGtqjoOZN6AtzSVNor6eZ47LwciZfjxU3/Vs+uN04Q9/
Pvx+9f3cnx3JHfNjjN+y375mqu11WU8ffaoP3LpdDN2b8ccxjkcTD+ZUACWP
jslLsrGv11ntAkLwXGuDtoXKRisoh+Pc176i53VrOH9s/LR/X7YYZTFwYMUU
f46FYd3d6k/mfomOcS3La9Fwr/W2Me68t49rcG67tUcNB3kkpI2W3YEa3uf2
ePt538vHEb9mE2LRMzdrDUNA1/26Ff79uvmA5cWgtxQQH/TSxwO5DVl4lb7j
EN36olEYFI/AxQbzklcF9GyRT0Y2isf3TJuX7rS8O0DvTlfDHSD+96cnSESO
GuGYrcSoGXIZHXO519q4dtVp7bihT8itez9+5gcPbHbx8Jr9Q4R5e77Euu9k
nFPe5+Hzf36rWdaEoodEJUzZoe7Snisrp5pr4PSJIxnSJiFiqLYjqLZH6beX
BuPSUnlLAeAQatgNEoMB0D9eOb1yk0aV4J3gWdual0u0atIm46Rka5dcwiNI
5vV3byLnl+QlYJR97tUPaZRJibZv0vohfWukdZZd87t12YPrXnv7iFj1M8iB
9boXI6q9Ptl/fXyAax1j1r3QyL39A0DLdJpRqwMnyTYdZoNsdFEMB0WFhGEg
L2LKLcO/puILvN3EaRqvPaUjDdWF0OCkwwlmtMQrydnfpVQ/VTlr6+BOQPN6
rN83eKPZLLIBk/Nk0NEmd3oIeqSF/WpN1DOtUbvXtaSgtzvFdhI2hcZiSiSG
UBbd4enBq7d7u5FLHbb3xYRRHG5IpMStJmhvtySp86CKcLbNn2mmfrzOk2ya
JTzb9bHHLtm/mtobKd4lHbZ3tC39KTHYx+8epSn/W07ldNpwe7Y7HtFCKyM5
6YmyQ7xFvHyvOCOlg7cen+n/SiO3FKO3WfvNostUYVgbkjZ/zd3qfkK1pRPV
uDuvsjJLoxkYnTDnl1FlvGzveMdbkVbvkuBIXzDSO5syP24inRaw8rY3c2kt
u3QZyQ973705kIIj9u7gDP1HsglDxwcvZGPwF9E7sabZR1DKoEl1N7KHO053
1937gzyzq4YBYYX0JcrPFANnKgQ55QoM7LjOUftkXNQimRRD7nCJDVZqLkRF
neGClF+7J1kDlWHtguKpKdaw5VcUa14Kbi+ItLAoZlL3k4olxNHQ6ANM9rYM
2TO0biPRErC1ZM83uo3gDy2RgTvhuIacfti4XmraI03MJO6HhVCUAiAPcPqf
SN8d2XtAcLEqPKzRpBJSh+g3lZ0bPXsg+e4dMR96Buf9bvAjUA2T/HdGXyEh
AWnVdtHZCwoTOEgsrUNMu8VwJipa8+X2423plewJDEF/lzXTgRA7/GFfQeKD
hoMAssxkRdasuk7o51a3Ecl3nl5PipRkXlpJyb0/ufCAFtVBQjoEGcnNoDWd
oRs96bUuUnvD8c3Ea/jognBrCQjRcs+91kXcO9GayPviCCZYfvVkC5sWmDo0
QbGFZ6gSm3oUKITTW0+fPMFJtXoudzhgzF1wFXQna5XAZeXOhpCd1z4VK+Z1
PtV23KaN8dgDVhScUtVtekaFnOzDNo3V9p6jXOlqcSblJRVIdPAczKydI2FN
wwuu4XN2Te2mK6GAqzz85/qyoMSqaXSb4G2ZZB7C+OVitJ07kaNQP+oqGGIC
qXnugVU83NLyWDXeFdInWAOulC4I8ryBSRueMCaZ5hxprFWS0yjbqF/nC/jP
hM6C7wgcDRa0l2rceKAEGPiKW1CrrwQ3+8yQDieN2rzCZODp46eAhDi2aTqO
Oph5iuVyb1iLFOGp+RWGDI5zvQ9B6uiixCwOO85L7n8mpZ1CjVfsf5qqDQwy
Lc9dMRmtEba2YFHGn3cJ8qkn1Tl9AtV5h/KIB2QeE3VobflAguJqDrSwXHV2
uJGcLWpyEqwWi9r/zWuG5HdIe7S5tbmz+UiIE1MXSsYn3rZhuTRXFPTXZgru
rQllWYeTnVDpvSae6z2a5O8yjsXH+gHZKMd2fVJei6q5/3y9bhr72UtN7JAN
KMxtI/jIrbYFT3ptlKxB3xc1AYfPp8wqG3Sjl8TWiPYF85m8SoL3yeF/O3j7
7PXzP+2KOf0X0q7PrlGBEeJAfSHYmkwoOc1rc6lxN1JkwDm7vKJ4pQ2nrwQV
SjDGe3XWrp4Vo+tVLU4Bohs1vJfa+cTa4TzJx0n9N6nTc2Mh2KhtJhTQFhyQ
JoKk+ZnQHsAprMImrDMkhl5tZR9omF5ERpgGeuEO6ILCO+fZjLphnmUNJdJp
VnwLUQEQhbtHpNTQx2sTuONxZ94xnoNHqGwn9zhJim8nbzaGdJAgoOs84Eay
xv3kmO3R2cE46/IOqdB+yFcI/dRXrOPr3TRIS7+/fbXTgrjB6BtcqpbvJXd7
6zVdWJtq+TzzyaKi2bSgTMuLqYMH94UBAppXp28YKtP053y6mKJeu5CG13pv
yCHBixEfq3RZlDBAe5sNPWN+Y4rFPHmUfJs/w3XpNIgjcEmmvFlSLRj/3jw/
Imaztf3VQ5lUCIC+Sm+MOW798OjySQJ7sBt6/bKDPJnWSvDfiywdaVUc9dOg
SLCYKR5P0mukigvUsybWouf2d2rp58zWXJ2RZsrRx+G1V7J2T9vU8rPku8NX
h6fJ18maHk8y0I2t74oZCSVCZBQeRMxe+Ra59/S6cUXlHBnkzvlZOv/d6/1v
WyBJzFlILr0xzPLJmqwO/8ZBx4vZ0DbkOfLLDFWB/Gzu0rFIP02VbSCVikB1
e8aLr6Q2nSGLTYKVupKXVidyG987NijyaGy6HUWtUcYdhaqTsYdOuRAfy4Rq
doZ0UCCN4dONA9cyllS3zR2rRSb0YOZQw5Hf3YKsOnxIPqPFeZjZXpARw3D0
5PdfM+JtNLZL1kEuMGu7asp16aqMht1Z919//3xr16fBZir7yPauYDst5XP/
+XXnhdaNLUyho/tc+s7ypT8yS8f70rV20DK1724q5VC56LFSHrfaVbCm5taq
C1MHFK9BJ1syncHCQbibqg3Nq4DXgm7pVtsiD4fteYCUOT/HRmSqURflO1J2
A3F0b3M77EwcSN3uQkT9paTqELk9Cchuc98ywEPLAPffHvdngrYNAM8cVV89
XblQl3GoyOdOO05p5TIecwdIgN8bh8qiQYqQwfQLpi6vxnahZEDMDXUCwIWv
hRVd6WqX0L0QwEL5OGY/vD7j5C1Qp7fLzfKkBSDWP951SMcf7O3E3550X+Y/
OPfBtboMg4LYXEItQv7fS2Eye+ko3cHWrfPL8EV2w8zZ39GXve+x7dHeIDfc
HYvyfXyxSMWMMksrasxi8rnJiIE6R2aaZQu71d63gPU0c0O9tunhs8X0jI2q
JRX/rMtcogmcwoKmnGWIu2q54UvYuACwuIt0hkoJyUEsSVSm+aqBhD4X61JG
AQWBgdgo19KtIJ/FpBGg929x5W9V91CEJDSkgQnpHDLZNI443ckD9TYKOMyh
LfNs5ohqzjErfyXhzieGjmFPyaLwph7kcaPjKI9P374+PvyGamT/CzZCB1za
AiQluctnUV84N2Pde4Tuo/eztxW2choFo/9eDFElA9Wyfey/fvWsYx/RRR7W
cmZistJhfq+AcSs/9thIOrlKr6vkGq1WFXmGkMRGl0yxHw77JAPpjJADn7Qq
c49pz9DiCEiv4QgkReYegneXmkVM/2o3IrXpj0970l7DiGH5LWJgeBdhG07h
cVOq3FHcel2IDdvvlo4yLl8JESUSjW70RsMHO6PY10cemsJFz+sqm4y5CSmo
Swup+05Npas4nVBw9AAhE2O3qrHTb81B+JSaQy4lJ2TUXU5MysXMpGM2zsch
cukSMmLu3o4z+3L8xenvOC1d1/u48n/4+o533mXOZxxtDr9x15tZX2IOD2bU
ocenEZ4Rl/vuSrRDTFLJK0dE6QKDRya33f22qJpYUTawi9JCtj2NXdtfLVyf
VEPVxLHoABhrpZ+jdBFv+I7UP6m3cpIau55IlWgrhHM1nTCoWXDeDLEqldLQ
IXGR1xrnaAE+iThpaUO4zDFaksN6PJ89Uy5dpyu+qRxE31VZecniuWstcJzf
ItEts5nSqBE/TcnmHoeI5GMrogVyzldGznn6MdVBGaRTI1x6Sf6RtLzktfqd
MBhO7G3sh5KjJQYAaIwNnxwnFQZHpDPYeXqWT9C36ZnGQkshduMqhospNTtl
x4Zxag69WUnmz3GFRAPKyrdYm0BmBImRvxfzEXXQYfzmB3AYXYXb3ZguaDGm
zbuOWXcNarrTpscDf43vxT+rW+q3FwVcbDvsEzU9loNh8MTyiTpSFUueNnHE
+/1LT6glUnvN8xAG5BQ83jBohss1PbkmeVWHS/gqWAIqpTwPsT8iwNjiNmNr
o+pZwVFeCUOjQ8ILIa5Gl1wi9rnNwrFnJXw1zUCU0GA7/AIzAtnf0NqbbN3m
Xy3pbq0Li3e5BsTOQFYYGa3XsBA547wUnqZGDpO2wi2loqAWzzozFQdtcc1m
ue4qtYz9hNbXhkL4etuxe8f24IGkvFv+UpZw3DOM+oR9HfqLhptQFJOKwogl
qGW8+OUXOLiqto0KhVgOXsBPROncfwLioBXvIpvMtQ2TsSbaeXtdI9om/HKX
ruWw9xOSaWg/tJpxrlYqINJTMVn5C0mAD4IM5gYK6FE0PNHsAic16PtihjSF
GidRt0v13dpEDXVr0ixyIxYzXDrdkVF2mZvthL01nHSPbF6ZmHjtNgUrqSWw
sCoWJeuBBlSXiwm6dYmsU8KDnzggU9GyMcBjiHoBPEdy+BE1tOYBgcdipNG8
xMhqTjxhPOQcFLotudkBeccKim459w/XMC8NA5GhDGWCE2FfsxqoKMMAhauU
47807oM5WR0GNEcBLmHu1K/NlrVnyRjN3t75cR8gIK2Vt1F3iyKZIPinfIIS
xnmJZv/cMaYCpVoI957C7yWG3xQ1gFEEPKo5yEz8Z0Jt7mxdIWJqvK+PpBss
KtPApithXnFKzdniXKOJAhISIAJxzMO97/cicoLLDLmLj+ngTBlB8Ba8PhgM
OCkKBnrBjGGmaUyjoIpsPInIbSDcp5k8xa/jqmApyry630Xj7HhRc4M0iqBX
icZJ98hnBlpLSI02IWwmWTR6qG4lQbszMlPePnPBSSfoyJLBxn4lLFXSAnom
3mz6dn/QO0eTrJljErRCb63quZWk0RbfXcfDXfaECnIPD9uLjmuLComykvjJ
0Wsl79QBU94Oc9ArLJtc4U3K4bIz9TOtLbt34jey6NHEWTrdo08pzJDi6dHW
U7DxJw9FwJbG3ISbrd22frMtqj9L1h6uhw3gGI0sN3Gvzqe7J0TXD5He+21q
WLRdzFob/m31aTTNzbPWttaXt+h2t287YGr34IfKf+JpdZ+6LfdH68oNwNqO
Autv2pj7U/Tl3mLAfuJW1wDvnfWe3a4/vME1zPZo/VP1uIbJHq//5ttcb338
NtcAiCfr/5idrpdDl27db6zR9Ufqc80U5u+pofQH9ZPe+gfuJ/2xuisDqfly
/W/cYBnW8NX6P2KPZdj404aU/R+pzfJH6bKM4jcoH5+k0XLnEW1ty2ocbeDv
tR8ybtOR42/RoVZsJAqYeIdiwpa/+/ait2jE4pnE+jVlIZ1aLXP9zTma8Uc5
4rdt0rLllkPyaiD5/7h1Y5YtU6izb8uSRlWpzh+7O6g4C28OuqSbyR4xcjLK
TrwmaPij6w9zF9a71UkI4w+sPedV2PqQMoBeg7ue9b1OAlser+f248Q+/9nt
ZPk49h/93/sk43xA+dBlVdVvM85N8lC6nYguQT/cZRy3RJP0GLnDOPe1LzP3
h56XVgRfUiG693o+8NxpnJZGJJFGK+3dV6jIoWl1I4cf63Kjpc/jXW5kHDp8
06cm2uXGtESIdrmRcZwON4n+nPjdacx6ol1uZJyg1U2srrZpQRDtctMF5+in
C852K72OOfzrzuPEutwsHadnl5ul43QsND5Oy/265Tit96tflxscp63TzW26
3FDZ1ninm1t1ueFx4p1ubtPlhseJd7q5TZebNviEJ2XHaely04E/8XFautzc
epyWLje3HKfr3OXBBj7Hxok9sAyfm+O0d7npwufmOO1dbhh/wk43is/hOO1d
bnicoNNNhD4v63Ij+Oxbg0Ko9uhyo+Pkqh/zL7/3CJ8Ztr3LjdxTt1eOefGm
MU5Hl5s+96uNJEbwJ/bo0nECeni7cZptXO42TrPNzV3HCdvc3HWcsM3N3xY+
zQf8cT6wy80nw5+e3SqWjtOzy02PcXp1uflk+2r50X2u/zjLu9zIwx/a5SZO
x0Qupqf6w6et042eV58uNzxOvNPNbbrc8DhdnW6WHJY3Tlenm35dbmRfHZ1u
+nW5kfV0dLrp1+XG8uW2Tjf9utx04U9yS/zpcyqdJ3af48jd+Zt1j3HAKF2k
QEm5WweZTb2BNM6HfNxxbtHdwevpEI7T1eNhs3Ul4XruC87+yHeE0t91N5u/
efMI1x11l0YSW52tI5LnGoj+Zs6FyTVgXCPUB5wuVr2HhXIEfj4rx0PuO/ED
UGxkEYOHTxD6g4df2u4RD5/AP9+j//J5Xg0XdD3LrObwcrw6JrXO94hykKt9
h8KmxZsWuNIoncQtKExVy6Oj0qD7GKisWQsVFf75LNmbOf5ErtXHzkaqXF5y
AqxNRuKX3nBmQ0ohb26UurV9xDsd7O0fyBCnRCKqxXQKi/qF6meqd+Msw3pr
MDeeq3U7OlFdnGGAw5wMsWz9JJ/mkkYTcG9J+nLLix6/2E8wVoBh4pSsJvzg
CH5itKMyHdeDziYMNMbBKMfANiy9nf8s6Rz5FOUWTpraDJDlMSPLEwdZHsM/
CVm+4TKJlNwdC5tpjy+kpRxnICthxg/jD6GanMp3e3xXRwv0xJtg4cVccEoQ
3R4DgOrSrJkSBB2ATIAhUDuUX2jevZHGyDuB3bYG+IID+8jvxCHakQjyvM1X
XDlTrLbnoK5qec87HcojPpTHzqE8gn/SobzKZ1hcxrs+d5pkhyd55EyyA/98
79xOiehDFCs4H4iL0piA0CJx7C9iHHLPIJ7Ux0/MKfDmZ8q805yaFs99m9s+
Qkk439CAogsA2wyAHQcA2/DP995VrLVWxaobyLkKS6JMbucXCmlapSW9ol54
xYhSrzgZQLLuqLSjSzo02SAvNbh0qpUp9pQEMAXwqmn3Jm+fcVE9AjLmLwAP
8TKc6Co4xQy4z5gWuuRAOsHiY076go1Rqjtn0hYSrQ+wNtwhKEzSZ5Eu6Rua
rkkdAczSNclvmqRs4TNhoU7TgA9DlS1GlW0HVbbgn4Qqh/weJ+8TZex/NnsU
Zg1Xa0FLGpjgM/+S4XC+pdO5am/6AtrGN7WOpSTbqddd6FHGyrgH1SsPegHz
IQNzywHmQ/jne0s3ghxgBKh/aW6BYfi718+I8z0nwEWxngPGoTRR2SE/HzxV
25buAarJ3vDdrLiaZKNzFhUQoKn/HQqLUhwmG329OitW33MYFl4uIABUd4fy
/LAaC9y7X3/9df+ihMuYgwC2N63++n+r6j1mYcEP32QFEOgseZGNygzuafUu
15+O83dYhf/lX//tfLKYjfTrg0mVJt+BXPTL4Aim+UW//6/FxQyzbhd//d+g
0NV1VRUzM8tf/w0UiuQkm6RY9ky/flbiik5y4EX61Z8WPy/wuwKD3t9vSB7Z
r69AaPl//ydNflj8+//KZ/m//8/32KGAqV1OAcKSQA6Pj7NshDqLBKdRxyu6
wWFqKKu3IL9jVUZj49BEvSskTf+ETTxmACIuNHZO5OyHw++/f/3Dnq1xkk2A
og2+R50TjhODkZL9Px0dH5ycbK78fyWcXsIhgwEA

-->

</rfc>
